/*globals define*/
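define('ep/inject-sec-token', [
    'jquery',
    'ep',
    'jquery/cookie',
    '$ready!'
], function ($, ep) {
    'use strict';

    /**
     * Inject the security token (CSRF) into POST forms and into links whose
     * href contains "ChangeAction".
     *
     * The token value is read from the cookie named `options.tokenName` once,
     * when this function is called; the delegated submit/click handlers bound
     * here keep using that value.
     *
     * @param {Object} [options] Optional settings, merged over the defaults.
     * @param {String} [options.tokenName='SecToken'] Cookie to read; also used
     *     as the hidden input name and as the query parameter name.
     * @param {String} [options.selector='form[method="post"]'] Selector for the
     *     forms that receive the hidden input.
     * @param {String} [options.link='a'] Selector for the links that are
     *     candidates for the query parameter.
     */
    ep.injectSecToken = function (options) {
        var settings = $.extend({
                tokenName: 'SecToken',
                selector: 'form[method="post"]',
                link: 'a'
            }, options),
            cookies = $.cookie(),
            token = cookies[settings.tokenName],

            // True when the form already carries an input named like the token.
            // The name is compared as a plain string rather than spliced into a
            // selector, so a token name containing quotes cannot break the query.
            hasTokenField = function (form) {
                return form.find('input').filter(function () {
                    return this.name === settings.tokenName;
                }).length > 0;
            },

            appendSecToken = function (form) {
                if (!token || hasTokenField(form)) {
                    return;
                }
                // Build the element and set its attributes through jQuery
                // instead of concatenating markup: a cookie value containing
                // quotes or angle brackets then stays an attribute value and
                // cannot add markup to the page.
                form.append($('<input type="hidden" />').attr({
                    name: settings.tokenName,
                    value: token
                }));
            },

            appendSecTokenToLink = function (link) {
                var href = link.attr('href'),
                    hashAt,
                    base,
                    fragment;

                if (!href || !token) {
                    return;
                }
                // Only state-changing links are touched, and only once: the
                // token name is searched as a literal string, not as a regex.
                if (href.search(/ChangeAction/i) === -1 || href.indexOf(settings.tokenName) !== -1) {
                    return;
                }
                // NOTE(review): a token placed in a URL ends up in browser
                // history, server logs and Referer headers, and nothing here
                // checks that the href points at this application. Confirm that
                // ChangeAction links are same-site only, or narrow options.link.

                // Insert the parameter before any #fragment, otherwise it would
                // never be sent to the server.
                hashAt = href.indexOf('#');
                base = hashAt === -1 ? href : href.slice(0, hashAt);
                fragment = hashAt === -1 ? '' : href.slice(hashAt);

                // Percent-encode name and value so characters such as "+", "&"
                // or "=" in the token survive as part of the parameter.
                link.attr('href', base +
                    (base.indexOf('?') === -1 ? '?' : '&') +
                    encodeURIComponent(settings.tokenName) + '=' + encodeURIComponent(token) +
                    fragment);
            };

        // forms present right now
        $(settings.selector).each(function () {
            appendSecToken($(this));
        });

        // links present right now
        $(settings.link).each(function () {
            appendSecTokenToLink($(this));
        });

        // forms added later are handled when they are submitted
        $(document).on('submit', settings.selector, function () {
            appendSecToken($(this));
        });

        // links added later are handled when they are clicked
        $(document).on('click', settings.link, function () {
            appendSecTokenToLink($(this));
        });
    };

    return ep;
});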