From af08ab5b7b16792ac64a88d96b4a965e5bbebfff Mon Sep 17 00:00:00 2001
From: Joffrey JAFFEUX
Date: Fri, 7 Jun 2019 18:31:16 +0200
Subject: [PATCH] Revert "DEV: prevents csrf-token initializer to leak session object (#7730)"

This reverts commit da5255e560adc545f94c5383964102129e3ba36b.
---
 .../discourse/initializers/csrf-token.js.es6 | 15 +++++----------
 1 file changed, 5 insertions(+), 10 deletions(-)

diff --git a/app/assets/javascripts/discourse/initializers/csrf-token.js.es6 b/app/assets/javascripts/discourse/initializers/csrf-token.js.es6
index b76a8b734c9..fd95c274d96 100644
--- a/app/assets/javascripts/discourse/initializers/csrf-token.js.es6
+++ b/app/assets/javascripts/discourse/initializers/csrf-token.js.es6
@@ -1,20 +1,15 @@
 // Append our CSRF token to AJAX requests when necessary.
 export default {
 name: "csrf-token",
-
- initialize(container) {
- const session = container.lookup("session:main");
-
- const csrfToken = document
- .querySelector("meta[name=csrf-token]")
- .getAttribute("content");
+ initialize: function(container) {
+ var session = container.lookup("session:main");
 
 // Add a CSRF token to all AJAX requests
- session.set("csrfToken", csrfToken);
+ session.set("csrfToken", $("meta[name=csrf-token]").attr("content"));
 
- $.ajaxPrefilter((options, originalOptions, xhr) => {
+ $.ajaxPrefilter(function(options, originalOptions, xhr) {
 if (!options.crossDomain) {
- xhr.setRequestHeader("X-CSRF-Token", csrfToken);
+ xhr.setRequestHeader("X-CSRF-Token", session.get("csrfToken"));
 }
 });
 }
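Review bot: The prefilter in `initialize` attaches whatever `session.get("csrfToken")` returns without checking that it is set; when the `meta[name=csrf-token]` tag is absent, `.attr("content")` yields `undefined`, which would likely go out as a literal header value and surface only as a server-side CSRF rejection. Guarding on a non-empty token keeps that failure visible on the client: `var token = session.get("csrfToken");` followed by `if (token && !options.crossDomain) {`. The revert also restores reading the token from the session on every request, but the commit message gives no reason; a comment such as `// Read per request so a token refreshed on the session is picked up` would record the intent, if that is indeed why. The `crossDomain` test is the only thing keeping the token off third-party requests, so a short comment there saying it must stay would help future edits. The enclosing `export default` object closes outside the hunk.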