zulip/static/js/csrf.ts

import $ from "jquery";

export let csrf_token: string | undefined;

$(() => {
    // This requires that we used Jinja2's {% csrf_input %} somewhere on the page.
    const csrf_input = $('input[name="csrfmiddlewaretoken"]');
    csrf_token = csrf_input.attr("value");
    if (csrf_token === undefined) {
        return;
    }

    $.ajaxSetup({
        beforeSend(xhr: JQuery.jqXHR, settings: JQuery.AjaxSettings) {
            if (settings.url === undefined || csrf_token === undefined) {
                throw new Error("settings.url and/or csrf_token are missing.");
            }

            if (!(/^http:.*/.test(settings.url) || /^https:.*/.test(settings.url))) {
                // Only send the token to relative URLs i.e. locally.
                xhr.setRequestHeader("X-CSRFToken", csrf_token);
            }
        },
    });
});
js: Convert static/js/csrf.js to ES6 module. Signed-off-by: Anders Kaseorg <anders@zulip.com> 2021-03-25 23:20:18 +01:00			`import $ from "jquery";`
eslint: Forbid CommonJS variables in ES6 modules. Signed-off-by: Anders Kaseorg <anders@zulip.com> 2021-03-23 08:42:16 +01:00
ts: Convert csrf module to TypeScript. 2021-06-14 01:34:32 +02:00			`export let csrf_token: string \| undefined;`
js: Add "use strict" directive to CommonJS files. ES and TypeScript modules are strict by default and don’t need this directive. ESLint will remind us to add it to new CommonJS files and remove it from ES and TypeScript modules. Signed-off-by: Anders Kaseorg <anders@zulip.com> 2020-08-01 03:43:15 +02:00
eslint: Enable prefer-arrow-callback. Signed-off-by: Anders Kaseorg <anders@zulip.com> 2020-07-02 01:45:54 +02:00			`$(() => {`
js: Extract csrf.js and include in common bundle. This should make it possible to use this AJAX setup code in logged-out code as well, which is necessary to use blueslip from portico pages. 2018-12-17 00:15:52 +01:00			`// This requires that we used Jinja2's {% csrf_input %} somewhere on the page.`
js: Automatically convert var to let and const in most files. This commit was originally automatically generated using `tools/lint --only=eslint --fix`. It was then modified by tabbott to contain only changes to a set of files that are unlikely to result in significant merge conflicts with any open pull request, excluding about 20 files. His plan is to merge the remaining changes with more precise care, potentially involving merging parts of conflicting pull requests before running the `eslint --fix` operation. Signed-off-by: Anders Kaseorg <anders@zulipchat.com> 2019-11-02 00:06:25 +01:00			`const csrf_input = $('input[name="csrfmiddlewaretoken"]');`
js: Convert static/js/csrf.js to ES6 module. Signed-off-by: Anders Kaseorg <anders@zulip.com> 2021-03-25 23:20:18 +01:00			`csrf_token = csrf_input.attr("value");`
csrf: Improve API for when no CSRF input is available. Since we're adding this to a large number of portico pages, there's no guarantee that these pages actually have a CSRF input. Though given that the logout template contains a CSRF input, realistically it should always be present. 2018-12-17 00:23:34 +01:00			`if (csrf_token === undefined) {`
			`return;`
			`}`

js: Extract csrf.js and include in common bundle. This should make it possible to use this AJAX setup code in logged-out code as well, which is necessary to use blueslip from portico pages. 2018-12-17 00:15:52 +01:00			`$.ajaxSetup({`
ts: Convert csrf module to TypeScript. 2021-06-14 01:34:32 +02:00			`beforeSend(xhr: JQuery.jqXHR, settings: JQuery.AjaxSettings) {`
			`if (settings.url === undefined \|\| csrf_token === undefined) {`
			`throw new Error("settings.url and/or csrf_token are missing.");`
			`}`

js: Extract csrf.js and include in common bundle. This should make it possible to use this AJAX setup code in logged-out code as well, which is necessary to use blueslip from portico pages. 2018-12-17 00:15:52 +01:00			`if (!(/^http:./.test(settings.url) \|\| /^https:./.test(settings.url))) {`
			`// Only send the token to relative URLs i.e. locally.`
			`xhr.setRequestHeader("X-CSRFToken", csrf_token);`
			`}`
			`},`
			`});`
			`});`