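/**
 * Read a single cookie value from document.cookie.
 *
 * The raw cookie string is split first and only the matching value is
 * percent-decoded. Decoding the whole string up front (as before) lets an
 * encoded ';' or '=' inside any value shift the pair boundaries, and one
 * malformed escape in an unrelated cookie throws URIError for every lookup.
 *
 * @param {string} cname - Cookie name to look up.
 * @returns {string} The decoded value, the raw value when it is not valid
 *   percent-encoding, or '' when the cookie is absent.
 */
function __c(cname) {
  const prefix = cname + '=';
  const pairs = document.cookie.split(';');
  for (let i = 0; i < pairs.length; i++) {
    // Pairs are separated by "; ", so drop the leading spaces only.
    const pair = pairs[i].replace(/^ +/, '');
    if (pair.startsWith(prefix)) {
      const raw = pair.substring(prefix.length);
      try {
        return decodeURIComponent(raw);
      } catch (err) {
        // Malformed escape sequence: fall back to the undecoded value.
        return raw;
      }
    }
  }
  return '';
}

/**
 * Write the CSRF token into the page: the <meta name="csrf-token"> tag in
 * <head> and every hidden "_token" input inside a form.
 *
 * The update runs immediately when the document has already been parsed.
 * A DOMContentLoaded listener registered after that event never fires,
 * which is the case when this is called from the asynchronous token request.
 *
 * @param {string} token - CSRF token to place in the page.
 * @returns {void}
 */
function setToken(token) {
  const apply = () => {
    const meta = document.querySelector('head meta[name="csrf-token"]');
    if (meta) {
      meta.setAttribute('content', token);
    }
    // Update every form, not only the first, so no form keeps a stale token.
    const inputs = document.querySelectorAll('form input[name="_token"]');
    for (let i = 0; i < inputs.length; i++) {
      inputs[i].setAttribute('value', token);
    }
  };

  if (document.readyState === 'loading') {
    document.addEventListener('DOMContentLoaded', apply);
  } else {
    apply();
  }
}

// The token cached in sessionStorage is trusted only while the XSRF-TOKEN
// cookie still equals the cookie value recorded when the token was stored.
// Both document.cookie and sessionStorage are readable by any script running
// on this origin, so this cache protects against cross-site requests only,
// and the XSRF-TOKEN cookie has to be readable from script (no HttpOnly)
// for the comparison to work.
var cookie = __c('XSRF-TOKEN');
var data = sessionStorage.getItem('XSRF-TOKEN-COOKIE');

if (!cookie || !data || cookie !== data) {
  // Read the old token before clearing it. The original code referenced the
  // hoisted `token` variable here, which was still undefined, so the header
  // carried the literal string "undefined".
  const previousToken = sessionStorage.getItem('XSRF-TOKEN');
  sessionStorage.removeItem('XSRF-TOKEN');
  sessionStorage.removeItem('XSRF-TOKEN-COOKIE');

  var request = new XMLHttpRequest();
  request.open('POST', '/ajax/token', true);
  // NOTE(review): the header is now omitted when no token is cached; confirm
  // that /ajax/token does not require X-CSRF-TOKEN to issue a token.
  if (previousToken) {
    request.setRequestHeader('X-CSRF-TOKEN', previousToken);
  }
  request.setRequestHeader('Content-Type', 'application/x-www-form-urlencoded; charset=UTF-8');

  // XMLHttpRequest.send() takes a request body, not a callback, so the
  // response is handled in onload instead.
  request.onload = function () {
    if (request.status < 200 || request.status >= 300) {
      return;
    }
    // Assumes the endpoint answers with JSON shaped like { "token": "..." },
    // as the original callback read `data.token` — TODO confirm.
    let payload;
    try {
      payload = JSON.parse(request.responseText);
    } catch (err) {
      return;
    }
    if (!payload || typeof payload.token !== 'string' || payload.token === '') {
      return;
    }
    // Re-read the cookie: the response may have set a new XSRF-TOKEN.
    cookie = __c('XSRF-TOKEN');
    sessionStorage.setItem('XSRF-TOKEN', payload.token);
    sessionStorage.setItem('XSRF-TOKEN-COOKIE', cookie);
    setToken(payload.token);
  };
  request.send();
}

// Apply the cached token when it is still valid. After a mismatch the cache
// was cleared above, so this is a no-op until the request completes.
var token = sessionStorage.getItem('XSRF-TOKEN');
if (token) {
  setToken(token);
}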