Merge pull request #2728 from kobotoolbox/csrf-ocha-hotfix

pull the 64 character csrftoken from document.cookie

Author: jnm

jsapp/js/main.es6

@@ -25,10 +25,18 @@ function csrfSafeMethod(method) {
     // these HTTP methods do not require CSRF protection
     return (/^(GET|HEAD|OPTIONS|TRACE)$/.test(method));
 }
+
+let csrfToken = '';
+try {
+  csrfToken = document.cookie.match(/csrftoken=(\w{64})/)[1];
+} catch (err) {
+  console.error('Cookie not matched');
+}
+
 $.ajaxSetup({
     beforeSend: function(xhr, settings) {
         if (!csrfSafeMethod(settings.type) && !this.crossDomain) {
-            xhr.setRequestHeader('X-CSRFToken', cookies.get('csrftoken'));
+            xhr.setRequestHeader('X-CSRFToken', csrfToken || cookies.get('csrftoken'));
         }
     }
 });