js: Extract csrf.js and include in common bundle.

This should make it possible to use this AJAX setup code in logged-out code as well, which is necessary to use blueslip from portico pages.
2018-12-16 15:15:52 -08:00 · 2018-12-16 15:15:52 -08:00 · adebe1bd4e
parent ed9430f3a6
commit adebe1bd4e
4 changed files with 17 additions and 14 deletions
--- a/static/js/bundles/app.js
+++ b/static/js/bundles/app.js
@ -46,6 +46,7 @@ import "js/input_pill.js";
 import "js/user_pill.js";
 import "js/compose_pm_pill.js";
 import "js/channel.js";
+import "js/csrf.js";
 import "js/setup.js";
 import "js/unread_ui.js";
 import "js/unread_ops.js";
--- a/static/js/csrf.js
+++ b/static/js/csrf.js
@ -0,0 +1,15 @@
+var csrf_token;
+$(function () {
+    // This requires that we used Jinja2's {% csrf_input %} somewhere on the page.
+    csrf_token = $('input[name="csrfmiddlewaretoken"]').attr('value');
+    window.csrf_token = csrf_token;
+
+    $.ajaxSetup({
+        beforeSend: function (xhr, settings) {
+            if (!(/^http:.*/.test(settings.url) || /^https:.*/.test(settings.url))) {
+                // Only send the token to relative URLs i.e. locally.
+                xhr.setRequestHeader("X-CSRFToken", csrf_token);
+            }
+        },
+    });
+});
--- a/static/js/setup.js
+++ b/static/js/setup.js
@ -1,6 +1,5 @@
 // Miscellaneous early setup.

-var csrf_token;
 $(function () {
    if (util.is_mobile()) {
        // if the client is mobile, disable websockets for message sending
@ -19,10 +18,6 @@ $(function () {
    } else if (!page_params.needs_tutorial) {
        $('#first_run_message').show();
    }
-    // This requires that we used Django's {% csrf_token %} somewhere on the page.
-    csrf_token = $('input[name="csrfmiddlewaretoken"]').attr('value');
-    window.csrf_token = csrf_token;
-

    // This is an issue fix where in jQuery v3 the result of outerHeight on a node
    // that doesn’t exist is now “undefined” rather than “null”, which means it
@ -37,15 +32,6 @@ $(function () {
        return $(this).outerWidth.apply(this, arguments) || 0;
    };

-    $.ajaxSetup({
-        beforeSend: function (xhr, settings) {
-            if (!(/^http:.*/.test(settings.url) || /^https:.*/.test(settings.url))) {
-                // Only send the token to relative URLs i.e. locally.
-                xhr.setRequestHeader("X-CSRFToken", csrf_token);
-            }
-        },
-    });
-
    // For some reason, jQuery wants this to be attached to an element.
    $(document).ajaxError(function (event, xhr) {
        if (xhr.status === 401) {
--- a/tools/webpack.assets.json
+++ b/tools/webpack.assets.json
@ -37,6 +37,7 @@
        "string.prototype.codepointat",
        "./node_modules/jquery/dist/jquery.js",
        "./node_modules/underscore/underscore.js",
+        "./static/js/csrf.js",
        "./static/js/blueslip.js",
        "./static/third/bootstrap/js/bootstrap.js",
        "./static/js/common.js",