DEV: prevents csrf token to leak state between tests (#7746)
This commit is contained in:
parent
e6714d3531
commit
b29d63a52d
|
@ -1,16 +1,27 @@
|
|||
// Append our CSRF token to AJAX requests when necessary.
|
||||
let _crsfCallbacks;
|
||||
|
||||
export default {
|
||||
name: "csrf-token",
|
||||
initialize: function(container) {
|
||||
var session = container.lookup("session:main");
|
||||
|
||||
initialize(container) {
|
||||
const session = container.lookup("session:main");
|
||||
_crsfCallbacks = $.Callbacks();
|
||||
|
||||
// Add a CSRF token to all AJAX requests
|
||||
session.set("csrfToken", $("meta[name=csrf-token]").attr("content"));
|
||||
|
||||
$.ajaxPrefilter(function(options, originalOptions, xhr) {
|
||||
_crsfCallbacks.add(function(options, originalOptions, xhr) {
|
||||
if (!options.crossDomain) {
|
||||
xhr.setRequestHeader("X-CSRF-Token", session.get("csrfToken"));
|
||||
xhr.setRequestHeader("X-CSRF-Token", session.csrfToken);
|
||||
}
|
||||
});
|
||||
|
||||
$.ajaxPrefilter(_crsfCallbacks);
|
||||
}
|
||||
};
|
||||
|
||||
export function resetCsrfCallbacks() {
|
||||
_crsfCallbacks.empty();
|
||||
_crsfCallbacks = null;
|
||||
}
|
||||
|
|
|
@ -16,6 +16,7 @@ import { resetDecorators } from "discourse/widgets/widget";
|
|||
import { resetDecorators as resetPostCookedDecorators } from "discourse/widgets/post-cooked";
|
||||
import { resetCache as resetOneboxCache } from "pretty-text/oneboxer";
|
||||
import { resetCustomPostMessageCallbacks } from "discourse/controllers/topic";
|
||||
import { resetCsrfCallbacks } from "discourse/initializers/csrf-token";
|
||||
|
||||
export function currentUser() {
|
||||
return Discourse.User.create(
|
||||
|
@ -128,6 +129,7 @@ export function acceptance(name, options) {
|
|||
resetPostCookedDecorators();
|
||||
resetOneboxCache();
|
||||
resetCustomPostMessageCallbacks();
|
||||
resetCsrfCallbacks();
|
||||
Discourse.reset();
|
||||
}
|
||||
});
|
||||
|
|
Loading…
Reference in New Issue