DEV: prevents csrf token to leak state between tests (#7746)

app/assets/javascripts/discourse/initializers/csrf-token.js.es6

@@ -1,16 +1,27 @@
 //  Append our CSRF token to AJAX requests when necessary.
+let _crsfCallbacks;
+
 export default {
   name: "csrf-token",
-  initialize: function(container) {
+
-    var session = container.lookup("session:main");
+  initialize(container) {
+    const session = container.lookup("session:main");
+    _crsfCallbacks = $.Callbacks();
 
     // Add a CSRF token to all AJAX requests
     session.set("csrfToken", $("meta[name=csrf-token]").attr("content"));
 
-    $.ajaxPrefilter(function(options, originalOptions, xhr) {
+    _crsfCallbacks.add(function(options, originalOptions, xhr) {
       if (!options.crossDomain) {
-        xhr.setRequestHeader("X-CSRF-Token", session.get("csrfToken"));
+        xhr.setRequestHeader("X-CSRF-Token", session.csrfToken);
       }
     });
+
+    $.ajaxPrefilter(_crsfCallbacks);
   }
 };
+
+export function resetCsrfCallbacks() {
+  _crsfCallbacks.empty();
+  _crsfCallbacks = null;
+}

test/javascripts/helpers/qunit-helpers.js.es6

@@ -16,6 +16,7 @@ import { resetDecorators } from "discourse/widgets/widget";
 import { resetDecorators as resetPostCookedDecorators } from "discourse/widgets/post-cooked";
 import { resetCache as resetOneboxCache } from "pretty-text/oneboxer";
 import { resetCustomPostMessageCallbacks } from "discourse/controllers/topic";
+import { resetCsrfCallbacks } from "discourse/initializers/csrf-token";
 
 export function currentUser() {
   return Discourse.User.create(
@@ -128,6 +129,7 @@ export function acceptance(name, options) {
       resetPostCookedDecorators();
       resetOneboxCache();
       resetCustomPostMessageCallbacks();
+      resetCsrfCallbacks();
       Discourse.reset();
     }
   });