From 2cca6a1be8d9439803d4b7ce0f87f320171b21fc Mon Sep 17 00:00:00 2001
From: Tim Abbott <tabbott@zulipchat.com>
Date: Sun, 16 Dec 2018 15:23:34 -0800
Subject: [PATCH] csrf: Improve API for when no CSRF input is available.

Since we're adding this to a large number of portico pages, there's no
guarantee that these pages actually have a CSRF input.

Though given that the logout template contains a CSRF input,
realistically it should always be present.
---
 static/js/csrf.js | 11 ++++++++++-
 1 file changed, 10 insertions(+), 1 deletion(-)

diff --git a/static/js/csrf.js b/static/js/csrf.js
index fb83de565a..5cd60973f8 100644
--- a/static/js/csrf.js
+++ b/static/js/csrf.js
@@ -1,9 +1,18 @@
 var csrf_token;
 $(function () {
     // This requires that we used Jinja2's {% csrf_input %} somewhere on the page.
-    csrf_token = $('input[name="csrfmiddlewaretoken"]').attr('value');
+    var csrf_input = $('input[name="csrfmiddlewaretoken"]');
+    if (csrf_input.length > 0) {
+        csrf_token = csrf_input.attr('value');
+    } else {
+        csrf_token = undefined;
+    }
     window.csrf_token = csrf_token;
 
+    if (csrf_token === undefined) {
+        return;
+    }
+
     $.ajaxSetup({
         beforeSend: function (xhr, settings) {
             if (!(/^http:.*/.test(settings.url) || /^https:.*/.test(settings.url))) {