From f0f1e6817cae807a1f31a67b98e72f6103ed219d Mon Sep 17 00:00:00 2001
From: Mitchell Kotler <mitch@mitchellkotler.net>
Date: Wed, 31 Jul 2024 13:17:37 -0400
Subject: [PATCH] use csrf token

---
 app.js | 2 ++
 1 file changed, 2 insertions(+)

diff --git a/app.js b/app.js
index 19c97cd..843e269 100644
--- a/app.js
+++ b/app.js
@@ -187,10 +187,12 @@ function update() {
 function tag() {
   var id = document.getElementById("tag_id").value;
   const url = `https://api.www.documentcloud.org/api/documents/${id}/data/test_key/`;
+  const token = ('; '+document.cookie).split(`; csrftoken=`).pop().split(';')[0];
   fetch(url, {
     method: "PUT",
     credentials: "include",
     headers: {
+      "X-CSRFToken": token,
       "Content-Type": "application/json",
     },
     body: JSON.stringify({"values": ["test_value"]})