mirror of
https://github.com/discourse/discourse.git
synced 2024-11-23 08:04:03 +08:00
Revert "DEV: prevents csrf-token initializer to leak session object (#7730)"
This reverts commit da5255e560
.
This commit is contained in:
parent
ebecd0b7d1
commit
af08ab5b7b
|
@ -1,20 +1,15 @@
|
|||
// Append our CSRF token to AJAX requests when necessary.
|
||||
export default {
|
||||
name: "csrf-token",
|
||||
|
||||
initialize(container) {
|
||||
const session = container.lookup("session:main");
|
||||
|
||||
const csrfToken = document
|
||||
.querySelector("meta[name=csrf-token]")
|
||||
.getAttribute("content");
|
||||
initialize: function(container) {
|
||||
var session = container.lookup("session:main");
|
||||
|
||||
// Add a CSRF token to all AJAX requests
|
||||
session.set("csrfToken", csrfToken);
|
||||
session.set("csrfToken", $("meta[name=csrf-token]").attr("content"));
|
||||
|
||||
$.ajaxPrefilter((options, originalOptions, xhr) => {
|
||||
$.ajaxPrefilter(function(options, originalOptions, xhr) {
|
||||
if (!options.crossDomain) {
|
||||
xhr.setRequestHeader("X-CSRF-Token", csrfToken);
|
||||
xhr.setRequestHeader("X-CSRF-Token", session.get("csrfToken"));
|
||||
}
|
||||
});
|
||||
}
|
||||
|
|
Loading…
Reference in New Issue
Block a user