From 4ad3813499aff8cef4e41300f9c1b578ad9032da Mon Sep 17 00:00:00 2001
From: SBD <strigevitch.boris@gmail.com>
Date: Fri, 12 Jan 2024 16:11:35 +0300
Subject: [PATCH] check post csrf3

---
 static/js/global_js.js      | 12 ++++++++++++
 static/js/user_profile_2.js |  2 +-
 2 files changed, 13 insertions(+), 1 deletion(-)

diff --git a/static/js/global_js.js b/static/js/global_js.js
index ce92a7e..29324b7 100644
--- a/static/js/global_js.js
+++ b/static/js/global_js.js
@@ -157,6 +157,18 @@ function checkStateCookie () {
     }
 }
 
+function getCsrfCookie () {
+    let str = window.document.cookie
+    str = str.split('; ');
+    let obj_cookie = {}
+    for (let i = 0;i < str.length;i++){
+        let cur = str[i].split('=');
+        obj_cookie[cur[0]] = cur[1]
+    }
+    let csrf = obj_cookie['csrftoken']
+    return csrf
+}
+
 function setCokie () {
     let date = new Date();
     let days = 182;
diff --git a/static/js/user_profile_2.js b/static/js/user_profile_2.js
index 366ba30..464f053 100644
--- a/static/js/user_profile_2.js
+++ b/static/js/user_profile_2.js
@@ -26,7 +26,7 @@ function select_tab_profile (el,url,owner_type=null) {
     }
     $.ajax({
         // headers: { "X-CSRFToken": $('input[name=csrfmiddlewaretoken]').val() },
-        headers: { "X-CSRFToken": "{{csrf_token}}" },
+        headers: { "X-CSRFToken": `${getCsrfCookie()}` },
         url: confirm_url,
         type: "POST",
         // async: true,