CSRF prevention tokens in cookies

[dan-corneanu]

Hi,
my grape APIs are protected against CSRF through a X-CSRF-Token request header. The value that has to go into this header is sent by the server to clients through a cookie.

Is there a way to customise grape-swagger-rails to add this header to every request?
Ex.

xhr.setRequestHeader('X-CSRF-Token', $.cookie('CSRF-Token'))

[dblock]

I think this will need a bit of work, see how things are added to the request here: https://github.com/TinkerDev/grape-swagger-rails/blob/master/app/views/grape_swagger_rails/application/index.html.erb#L49.