Revert "DEV: prevents csrf-token initializer to leak session object (#7730)"

This reverts commit da5255e560.
2024-11-23 03:09:00 +08:00 · 2019-06-07 18:31:16 +02:00 · 2019-06-07 18:31:16 +02:00 · af08ab5b7b
commit af08ab5b7b
parent ebecd0b7d1
1 changed files with 5 additions and 10 deletions
--- a/app/assets/javascripts/discourse/initializers/csrf-token.js.es6
+++ b/app/assets/javascripts/discourse/initializers/csrf-token.js.es6
@ -1,20 +1,15 @@
 //  Append our CSRF token to AJAX requests when necessary.
 export default {
  name: "csrf-token",
-
-  initialize(container) {
-    const session = container.lookup("session:main");
-
-    const csrfToken = document
-      .querySelector("meta[name=csrf-token]")
-      .getAttribute("content");
+  initialize: function(container) {
+    var session = container.lookup("session:main");

    // Add a CSRF token to all AJAX requests
-    session.set("csrfToken", csrfToken);
+    session.set("csrfToken", $("meta[name=csrf-token]").attr("content"));

-    $.ajaxPrefilter((options, originalOptions, xhr) => {
+    $.ajaxPrefilter(function(options, originalOptions, xhr) {
      if (!options.crossDomain) {
-        xhr.setRequestHeader("X-CSRF-Token", csrfToken);
+        xhr.setRequestHeader("X-CSRF-Token", session.get("csrfToken"));
      }
    });
  }