Mirror
/
zulip
mirror of https://github.com/zulip/zulip.git
1
0
Fork 0
Code Issues Projects Releases Wiki Activity

csrf: Improve API for when no CSRF input is available. 

Since we're adding this to a large number of portico pages, there's no
guarantee that these pages actually have a CSRF input.

Though given that the logout template contains a CSRF input,
realistically it should always be present.
This commit is contained in:
Tim Abbott 2018-12-16 15:23:34 -08:00
parent adebe1bd4e
commit 2cca6a1be8
1 changed files with 10 additions and 1 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

11
static/js/csrf.js
View File

@ -1,9 +1,18 @@
var csrf_token; var csrf_token;
$(function () { $(function () {
// This requires that we used Jinja2's {% csrf_input %} somewhere on the page. // This requires that we used Jinja2's {% csrf_input %} somewhere on the page.
csrf_token = $('input[name="csrfmiddlewaretoken"]').attr('value'); var csrf_input = $('input[name="csrfmiddlewaretoken"]');
if (csrf_input.length > 0) {
csrf_token = csrf_input.attr('value');
} else {
csrf_token = undefined;
}
window.csrf_token = csrf_token; window.csrf_token = csrf_token;
if (csrf_token === undefined) {
return;
}
$.ajaxSetup({ $.ajaxSetup({
beforeSend: function (xhr, settings) { beforeSend: function (xhr, settings) {
if (!(/^http:.*/.test(settings.url) || /^https:.*/.test(settings.url))) { if (!(/^http:.*/.test(settings.url) || /^https:.*/.test(settings.url))) {