zulip/web/src/csrf.ts


import $ from "jquery";
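/**
 * CSRF token read from the page's hidden `csrfmiddlewaretoken` input once
 * the DOM is ready; stays `undefined` when the page has no such input.
 */
export let csrf_token: string | undefined;

/**
 * Report whether `url`, resolved against the current page the way the
 * browser resolves it, points at this page's own origin.
 *
 * A prefix test for "http:" / "https:" is not enough to decide this:
 * protocol-relative URLs ("//other.example/x"), upper-case schemes
 * ("HTTPS://...") and URLs with leading whitespace all resolve to an
 * absolute URL on another host without matching such a prefix, so the
 * token would be attached to a cross-origin request.
 *
 * @param url - The request URL as passed to `$.ajax`.
 * @returns `true` only when the resolved URL has the same origin as the page;
 *   `false` for other origins, opaque origins and unparsable URLs.
 */
function is_same_origin(url: string): boolean {
    try {
        const target = new URL(url, window.location.href);
        // An opaque origin serializes as "null"; never treat that as ours.
        return target.origin !== "null" && target.origin === window.location.origin;
    } catch {
        // Fail closed: an unparsable URL never receives the token.
        return false;
    }
}

$(() => {
    // This requires that we used Jinja2's {% csrf_input %} somewhere on the page.
    const $csrf_input = $('input[name="csrfmiddlewaretoken"]');
    csrf_token = $csrf_input.attr("value");
    if (csrf_token === undefined) {
        // No token on this page, so there is nothing to attach to requests.
        return;
    }

    $.ajaxSetup({
        beforeSend(xhr: JQuery.jqXHR, settings: JQuery.AjaxSettings) {
            if (settings.url === undefined || csrf_token === undefined) {
                throw new Error("settings.url and/or csrf_token are missing.");
            }

            // Only send the token to our own origin. Relative URLs always
            // qualify; absolute URLs qualify only when they resolve back to
            // this origin, which keeps the token out of cross-origin requests
            // however the URL is spelled.
            if (is_same_origin(settings.url)) {
                xhr.setRequestHeader("X-CSRFToken", csrf_token);
            }
        },
    });
});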