Merge pull request #38272 from mitodl/asad/pick-csrf-from-cookie

pdpinch · web-flow · commit bece2c4c942e · 2026-04-06T07:54:49.000-04:00
fix: read latest CSRF token from cookie
diff --git a/lms/static/js/main.js b/lms/static/js/main.js
@@ -7,8 +7,10 @@
 
   $(function() {
     $.ajaxSetup({
-      headers: {
-        'X-CSRFToken': $.cookie('csrftoken')
+      beforeSend: function(xhr, settings) {
+        if (!(/^(GET|HEAD|OPTIONS|TRACE)$/i.test(settings.type)) && !this.crossDomain) {
+          xhr.setRequestHeader('X-CSRFToken', $.cookie('csrftoken'));
+        }
       },
       dataType: 'json'
     });
