Discource-C
/
discourse
mirror of https://github.com/discourse/discourse.git
1
0
Fork 0
Code Issues Packages Projects Releases Wiki Activity

DEV: attempts to prevent session object to be retain in csrf init (#7743)

This commit is contained in:
Joffrey JAFFEUX 2019-06-11 09:59:14 +02:00 committed by GitHub
parent c407e32368
commit 62c56b6e59
No known key found for this signature in database
GPG Key ID: 4AEE18F83AFDEB23
1 changed files with 5 additions and 4 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

9
app/assets/javascripts/discourse/initializers/csrf-token.js.es6
View File

@ -1,15 +1,16 @@
// Append our CSRF token to AJAX requests when necessary.
export default {
name: "csrf-token",
initialize: function(container) {
var session = container.lookup("session:main");
initialize(container) {
const session = container.lookup("session:main");
const csrfToken = $("meta[name=csrf-token]").attr("content");
// Add a CSRF token to all AJAX requests
session.set("csrfToken", $("meta[name=csrf-token]").attr("content"));
session.set("csrfToken", csrfToken);
$.ajaxPrefilter(function(options, originalOptions, xhr) {
if (!options.crossDomain) {
xhr.setRequestHeader("X-CSRF-Token", session.get("csrfToken"));
xhr.setRequestHeader("X-CSRF-Token", csrfToken);
}
});
}