Discource-C
/
discourse
mirror of https://github.com/discourse/discourse.git
1
0
Fork 0
Code Issues Packages Projects Releases Wiki Activity

Revert "DEV: prevents csrf-token initializer to leak session object (#7730)" 

This reverts commit da5255e560.
This commit is contained in:
Joffrey JAFFEUX 2019-06-07 18:31:16 +02:00
parent ebecd0b7d1
commit af08ab5b7b
1 changed files with 5 additions and 10 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

15
app/assets/javascripts/discourse/initializers/csrf-token.js.es6
View File

@ -1,20 +1,15 @@
// Append our CSRF token to AJAX requests when necessary. // Append our CSRF token to AJAX requests when necessary.
export default { export default {
name: "csrf-token", name: "csrf-token",
initialize: function(container) {
initialize(container) { var session = container.lookup("session:main");
const session = container.lookup("session:main");
const csrfToken = document
.querySelector("meta[name=csrf-token]")
.getAttribute("content");
// Add a CSRF token to all AJAX requests // Add a CSRF token to all AJAX requests
session.set("csrfToken", csrfToken); session.set("csrfToken", $("meta[name=csrf-token]").attr("content"));
$.ajaxPrefilter((options, originalOptions, xhr) => { $.ajaxPrefilter(function(options, originalOptions, xhr) {
if (!options.crossDomain) { if (!options.crossDomain) {
xhr.setRequestHeader("X-CSRF-Token", csrfToken); xhr.setRequestHeader("X-CSRF-Token", session.get("csrfToken"));
} }
}); });
} }