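 /**
  * Return the value of the cookie called `cname`, or '' when it is not set.
  *
  * The cookie header is split on ';' BEFORE any percent-decoding and only the
  * matched value is decoded. Decoding the whole header first (as this helper
  * used to) has two problems: a malformed escape in any unrelated cookie makes
  * decodeURIComponent throw and aborts the whole script, and an encoded
  * "; name=" sequence inside another cookie's value would be split out and
  * could shadow the real cookie.
  *
  * @param {string} cname - Cookie name to look up.
  * @returns {string} Decoded cookie value, the raw value if it cannot be
  *   decoded, or '' if the cookie is absent.
  */
 function __c(cname) {
   var prefix = cname + '=';
   var parts = document.cookie.split(';');
   for (var i = 0; i < parts.length; i++) {
     var part = parts[i];
     // Browsers separate cookies with "; ", so strip the leading blanks.
     while (part.charAt(0) === ' ') {
       part = part.substring(1);
     }
     if (part.indexOf(prefix) === 0) {
       var raw = part.substring(prefix.length);
       try {
         return decodeURIComponent(raw);
       } catch (e) {
         // Malformed percent-encoding: fall back to the raw text rather than
         // letting a URIError stop the CSRF bootstrap below.
         return raw;
       }
     }
   }
   return '';
 }

 /**
  * Publish a CSRF token to everything on the page that sends it back:
  * jQuery's default AJAX headers, the <meta name="csrf-token"> tag and the
  * hidden `_token` form inputs.
  *
  * @param {string} token - CSRF token to install.
  * @returns {void}
  */
 function setToken(token) {
   if (typeof jQuery !== 'undefined') {
     // Use the name that was just tested; `$` may belong to another library.
     jQuery.ajaxSetup({ headers: { 'X-CSRF-TOKEN': token } });
   }

   function applyToDom() {
     var meta = document.querySelector('head meta[name="csrf-token"]');
     if (meta) {
       meta.setAttribute('content', token);
     }
     // Update every form, not only the first one, so that no form is left
     // submitting a stale token.
     var inputs = document.querySelectorAll('form input[name="_token"]');
     for (var i = 0; i < inputs.length; i++) {
       inputs[i].setAttribute('value', token);
     }
   }

   // When this is called from the XHR callback the document has usually
   // finished parsing already; a DOMContentLoaded listener registered at that
   // point would never fire and the DOM would keep the old token.
   if (document.readyState === 'loading') {
     document.addEventListener('DOMContentLoaded', applyToDom);
   } else {
     applyToDom();
   }
 }

 // Bootstrap: the token cached in sessionStorage is trusted only while the
 // XSRF-TOKEN cookie still equals the cookie value recorded alongside it.
 // Otherwise the cache is dropped and a fresh token is requested from
 // /ajax/token, which is expected to answer with JSON carrying a `token` field.
 // Note that sessionStorage and this script-readable cookie are visible to any
 // script running in the origin.
 var cookie = __c('XSRF-TOKEN');
 var data = sessionStorage.getItem('XSRF-TOKEN-COOKIE');
 if (!cookie || !data || cookie !== data) {
   sessionStorage.removeItem('XSRF-TOKEN');
   sessionStorage.removeItem('XSRF-TOKEN-COOKIE');

   var request = new XMLHttpRequest();
   request.open('POST', '/ajax/token', true);
   request.responseType = 'json';
   // `token` is declared with `var` further down, so at this point it holds
   // only what an earlier script on the page may have assigned to the global
   // (not visible from here). Without such a value it is undefined, and the
   // header used to go out as the literal string "undefined"; send it only
   // when there is a real value.
   if (typeof token === 'string' && token !== '') {
     request.setRequestHeader('X-CSRF-TOKEN', token);
   }
   request.setRequestHeader('Content-Type', 'application/x-www-form-urlencoded; charset=UTF-8');
   request.addEventListener('load', function () {
     // With responseType 'json' the response is null when the body is not
     // valid JSON; also refuse to cache or publish a missing token.
     var body = request.response;
     if (request.status === 200 && body && typeof body.token === 'string' && body.token !== '') {
       // Re-read the cookie so the cached pair reflects its value after this request.
       cookie = __c('XSRF-TOKEN');
       sessionStorage.setItem('XSRF-TOKEN', body.token);
       sessionStorage.setItem('XSRF-TOKEN-COOKIE', cookie);
       setToken(body.token);
     }
   });
   request.send(null);
 }

 // Cached token still valid (it was cleared above if it was not): install it now.
 var token = sessionStorage.getItem('XSRF-TOKEN');
 if (token) {
   setToken(token);
 }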