paulmataruso/zulip
1
0
Fork 0
mirror of https://github.com/zulip/zulip.git synced 2025-11-11 17:36:27 +00:00
Code Issues Packages Projects Releases Wiki Activity

js: Extract csrf.js and include in common bundle.

Browse Source 
This should make it possible to use this AJAX setup code in logged-out
code as well, which is necessary to use blueslip from portico pages.
This commit is contained in:
Tim Abbott
2018-12-16 15:15:52 -08:00
parent ed9430f3a6
commit adebe1bd4e
4 changed files with 17 additions and 14 deletions
Download Patch File Download Diff File Expand all files Collapse all files

1
static/js/bundles/app.js
View File

@@ -46,6 +46,7 @@ import "js/input_pill.js";
import "js/user_pill.js"; import "js/user_pill.js";
import "js/compose_pm_pill.js"; import "js/compose_pm_pill.js";
import "js/channel.js"; import "js/channel.js";
import "js/csrf.js";
import "js/setup.js"; import "js/setup.js";
import "js/unread_ui.js"; import "js/unread_ui.js";
import "js/unread_ops.js"; import "js/unread_ops.js";

15
static/js/csrf.js Normal file
View File

@@ -0,0 +1,15 @@
var csrf_token;
$(function () {
// This requires that we used Jinja2's {% csrf_input %} somewhere on the page.
csrf_token = $('input[name="csrfmiddlewaretoken"]').attr('value');
window.csrf_token = csrf_token;
$.ajaxSetup({
beforeSend: function (xhr, settings) {
if (!(/^http:.*/.test(settings.url) || /^https:.*/.test(settings.url))) {
// Only send the token to relative URLs i.e. locally.
xhr.setRequestHeader("X-CSRFToken", csrf_token);
}
},
});
});

14
static/js/setup.js
View File

@@ -1,6 +1,5 @@
// Miscellaneous early setup. // Miscellaneous early setup.
var csrf_token;
$(function () { $(function () {
if (util.is_mobile()) { if (util.is_mobile()) {
// if the client is mobile, disable websockets for message sending // if the client is mobile, disable websockets for message sending
@@ -19,10 +18,6 @@ $(function () {
} else if (!page_params.needs_tutorial) { } else if (!page_params.needs_tutorial) {
$('#first_run_message').show(); $('#first_run_message').show();
} }
// This requires that we used Django's {% csrf_token %} somewhere on the page.
csrf_token = $('input[name="csrfmiddlewaretoken"]').attr('value');
window.csrf_token = csrf_token;
// This is an issue fix where in jQuery v3 the result of outerHeight on a node // This is an issue fix where in jQuery v3 the result of outerHeight on a node
// that doesnt exist is now “undefined” rather than “null”, which means it // that doesnt exist is now “undefined” rather than “null”, which means it
@@ -37,15 +32,6 @@ $(function () {
return $(this).outerWidth.apply(this, arguments) || 0; return $(this).outerWidth.apply(this, arguments) || 0;
}; };
$.ajaxSetup({
beforeSend: function (xhr, settings) {
if (!(/^http:.*/.test(settings.url) || /^https:.*/.test(settings.url))) {
// Only send the token to relative URLs i.e. locally.
xhr.setRequestHeader("X-CSRFToken", csrf_token);
}
},
});
// For some reason, jQuery wants this to be attached to an element. // For some reason, jQuery wants this to be attached to an element.
$(document).ajaxError(function (event, xhr) { $(document).ajaxError(function (event, xhr) {
if (xhr.status === 401) { if (xhr.status === 401) {

1
tools/webpack.assets.json
View File

@@ -37,6 +37,7 @@
"string.prototype.codepointat", "string.prototype.codepointat",
"./node_modules/jquery/dist/jquery.js", "./node_modules/jquery/dist/jquery.js",
"./node_modules/underscore/underscore.js", "./node_modules/underscore/underscore.js",
"./static/js/csrf.js",
"./static/js/blueslip.js", "./static/js/blueslip.js",
"./static/third/bootstrap/js/bootstrap.js", "./static/third/bootstrap/js/bootstrap.js",
"./static/js/common.js", "./static/js/common.js",