paulmataruso/zulip
1
0
Fork 0
mirror of https://github.com/zulip/zulip.git synced 2025-11-03 21:43:21 +00:00
Code Issues Packages Projects Releases Wiki Activity

csrf: Improve API for when no CSRF input is available.

Browse Source 
Since we're adding this to a large number of portico pages, there's no
guarantee that these pages actually have a CSRF input.

Though given that the logout template contains a CSRF input,
realistically it should always be present.
This commit is contained in:
Tim Abbott
2018-12-16 15:23:34 -08:00
parent dbffa66b6d
commit 9198fa4ec9
1 changed files with 10 additions and 1 deletions
Download Patch File Download Diff File Expand all files Collapse all files

11
static/js/csrf.js
View File

@@ -1,9 +1,18 @@
var csrf_token;
$(function () {
// This requires that we used Jinja2's {% csrf_input %} somewhere on the page.
csrf_token = $('input[name="csrfmiddlewaretoken"]').attr('value');
var csrf_input = $('input[name="csrfmiddlewaretoken"]');
if (csrf_input.length > 0) {
csrf_token = csrf_input.attr('value');
} else {
csrf_token = undefined;
}
window.csrf_token = csrf_token;
if (csrf_token === undefined) {
return;
}
$.ajaxSetup({
beforeSend: function (xhr, settings) {
if (!(/^http:.*/.test(settings.url) || /^https:.*/.test(settings.url))) {