wip

app/templates/layout.html

@@ -25,6 +25,7 @@
     <link rel="stylesheet" href="{{ url_for('static', filename='css/theme.css') }}">
     <!-- Favicon -->
     <link rel="icon" type="image/png" href="{{ url_for('static', filename='img/favicon.png') }}">
+    <meta name="csrf-token" content="{{ csrf_token() }}">
     {% block styles %}{% endblock %}
     <script>
         // Check for saved theme preference or respect OS preference
@@ -602,6 +603,18 @@
             to { opacity: 0; }
         }
     </script>
+    <script>
+        // Add CSRF token to all AJAX requests
+        $(document).ready(function () {
+            $.ajaxSetup({
+                beforeSend: function (xhr, settings) {
+                    if (!/^(GET|HEAD|OPTIONS|TRACE)$/i.test(settings.type) && !this.crossDomain) {
+                        xhr.setRequestHeader("X-CSRFToken", $('meta[name="csrf-token"]').attr('content'));
+                    }
+                }
+            });
+        });
+    </script>
     {% block scripts %}{% endblock %}
 </body>