DEV: prevents csrf token to leak state between tests (#7746)

This commit is contained in:
Joffrey JAFFEUX 2019-06-11 11:54:23 +02:00 committed by GitHub
parent e6714d3531
commit b29d63a52d
No known key found for this signature in database
GPG Key ID: 4AEE18F83AFDEB23
2 changed files with 17 additions and 4 deletions

View File

@ -1,16 +1,27 @@
// Append our CSRF token to AJAX requests when necessary.
let _crsfCallbacks;
export default {
name: "csrf-token",
initialize: function(container) {
var session = container.lookup("session:main");
initialize(container) {
const session = container.lookup("session:main");
_crsfCallbacks = $.Callbacks();
// Add a CSRF token to all AJAX requests
session.set("csrfToken", $("meta[name=csrf-token]").attr("content"));
$.ajaxPrefilter(function(options, originalOptions, xhr) {
_crsfCallbacks.add(function(options, originalOptions, xhr) {
if (!options.crossDomain) {
xhr.setRequestHeader("X-CSRF-Token", session.get("csrfToken"));
xhr.setRequestHeader("X-CSRF-Token", session.csrfToken);
}
});
$.ajaxPrefilter(_crsfCallbacks);
}
};
export function resetCsrfCallbacks() {
_crsfCallbacks.empty();
_crsfCallbacks = null;
}

View File

@ -16,6 +16,7 @@ import { resetDecorators } from "discourse/widgets/widget";
import { resetDecorators as resetPostCookedDecorators } from "discourse/widgets/post-cooked";
import { resetCache as resetOneboxCache } from "pretty-text/oneboxer";
import { resetCustomPostMessageCallbacks } from "discourse/controllers/topic";
import { resetCsrfCallbacks } from "discourse/initializers/csrf-token";
export function currentUser() {
return Discourse.User.create(
@ -128,6 +129,7 @@ export function acceptance(name, options) {
resetPostCookedDecorators();
resetOneboxCache();
resetCustomPostMessageCallbacks();
resetCsrfCallbacks();
Discourse.reset();
}
});