The Fix:
Synchronization Tokens
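// Read the anti-CSRF token the server placed in a cookie. readCookie is
// defined elsewhere; the cookie must be readable from script (not HttpOnly)
// for this to return a value.
// NOTE(review): the token is captured once, when this script runs. If the
// server rotates the token during the session, read the cookie inside the
// wrapper instead so each request carries the current value.
var csrf = readCookie("X-CSRF-Token");
if (csrf) {
  // Keep a reference to the stock implementation so the wrapper can delegate.
  myApp.originalSync = Backbone.sync;

  /**
   * Backbone.sync wrapper that adds the X-CSRF-Token header to every request
   * and then hands off to the original sync.
   *
   * @param {string} method - sync method name passed through unchanged.
   * @param {Object} model - model or collection passed through unchanged.
   * @param {Object} [options] - request options; any headers it carries are kept.
   * @returns {*} whatever the original Backbone.sync returns.
   */
  Backbone.sync = function(method, model, options) {
    options || (options = {});

    // Build a fresh headers object: caller-supplied headers are preserved
    // rather than replaced, and the caller's own object is not mutated.
    var headers = {};
    var supplied = options.headers || {};
    for (var name in supplied) {
      if (Object.prototype.hasOwnProperty.call(supplied, name)) {
        headers[name] = supplied[name];
      }
    }

    // Set the token last so a caller-supplied header cannot override it.
    headers["X-CSRF-Token"] = csrf;
    options.headers = headers;

    return myApp.originalSync(method, model, options);
  };
}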
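• Client reads the value of this special cookie and sends it back in the X-CSRF-Token request header. A page on another origin cannot read the cookie, so it cannot set a matching header; the server must reject state-changing requests whose header is missing or does not match.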