FIX: Always use the current session token in uppy (#23812)

…rather than the value at the time when uppy is initialized. Future TODO: extract csrf-fetching logic from ajax helper to Session service.
2025-01-21 21:55:16 +08:00 · 2023-10-06 15:26:39 +02:00 · 2023-10-06 15:26:39 +02:00 · 2c490773f1
commit 2c490773f1
parent 057c2012f0
2 changed files with 4 additions and 4 deletions
--- a/app/assets/javascripts/discourse/app/mixins/composer-upload-uppy.js
+++ b/app/assets/javascripts/discourse/app/mixins/composer-upload-uppy.js
@ -544,9 +544,9 @@ export default Mixin.create(ExtendableUploader, UppyS3Multipart, {
  _useXHRUploads() {
    this._uppyInstance.use(XHRUpload, {
      endpoint: getURL(`/uploads.json?client_id=${this.messageBus.clientId}`),
-      headers: {
+      headers: () => ({
        "X-CSRF-Token": this.session.csrfToken,
-      },
+      }),
    });
  },

--- a/app/assets/javascripts/discourse/app/mixins/uppy-upload.js
+++ b/app/assets/javascripts/discourse/app/mixins/uppy-upload.js
@ -350,9 +350,9 @@ export default Mixin.create(UppyS3Multipart, ExtendableUploader, {
  _useXHRUploads() {
    this._uppyInstance.use(XHRUpload, {
      endpoint: this._xhrUploadUrl(),
-      headers: {
+      headers: () => ({
        "X-CSRF-Token": this.session.csrfToken,
-      },
+      }),
    });
  },