var addUrlParam = function (url, key, val) { var newParam = encodeURIComponent(key) + '=' + encodeURIComponent(val); url = url.split('#')[0]; if (url.indexOf('?') === -1) url += '?' + newParam; else url += '&' + newParam; return url; }; $(function () { $('a[href-post]').click(function (e) { e.preventDefault(); var form = document.createElement('form'); form.style.display = 'none'; form.method = 'post'; form.action = $(this).attr('href-post'); form.target = '_self'; var input = document.createElement('input'); input.type = 'hidden'; input.name = '_csrf'; input.value = document.head.getAttribute('data-csrf-token'); form.appendChild(input); document.body.appendChild(form); form.submit(); }); $('form').each(function () { this.action = addUrlParam(this.action || location.href, '_csrf', document.head.getAttribute('data-csrf-token')); }); });