Revert "DEV: prevents csrf-token initializer to leak session object (#7730)"

This reverts commit da5255e560.
This commit is contained in:
Joffrey JAFFEUX 2019-06-07 18:31:16 +02:00
parent ebecd0b7d1
commit af08ab5b7b
1 changed files with 5 additions and 10 deletions

View File

@ -1,20 +1,15 @@
// Append our CSRF token to AJAX requests when necessary.
export default {
name: "csrf-token",
initialize(container) {
const session = container.lookup("session:main");
const csrfToken = document
.querySelector("meta[name=csrf-token]")
.getAttribute("content");
initialize: function(container) {
var session = container.lookup("session:main");
// Add a CSRF token to all AJAX requests
session.set("csrfToken", csrfToken);
session.set("csrfToken", $("meta[name=csrf-token]").attr("content"));
$.ajaxPrefilter((options, originalOptions, xhr) => {
$.ajaxPrefilter(function(options, originalOptions, xhr) {
if (!options.crossDomain) {
xhr.setRequestHeader("X-CSRF-Token", csrfToken);
xhr.setRequestHeader("X-CSRF-Token", session.get("csrfToken"));
}
});
}