aboutsummaryrefslogtreecommitdiffstats
path: root/activestorage/app/assets/javascripts
diff options
context:
space:
mode:
authorCameron Bothner <cameronbothner@gmail.com>2018-12-27 12:44:04 -0500
committerCameron Bothner <cameronbothner@gmail.com>2018-12-27 12:44:19 -0500
commit372dda2a2950ad3ae5cf744ed8e3caa69a7ed44b (patch)
tree4b0ca6d6da5ad1d147e6a36febe55c3ea875c296 /activestorage/app/assets/javascripts
parent4ae8d6182fd9351b9451003f9380d8855f3f5a94 (diff)
downloadrails-372dda2a2950ad3ae5cf744ed8e3caa69a7ed44b.tar.gz
rails-372dda2a2950ad3ae5cf744ed8e3caa69a7ed44b.tar.bz2
rails-372dda2a2950ad3ae5cf744ed8e3caa69a7ed44b.zip
Don’t include an undefined X-CSRF-Token header
If there is not a `csrf-token` meta tag in the document, the blob record XHR was including an `X-CSRF-Token` header set to the string "undefined." Instead of setting it to undefined, it should not be included in the absence of a meta tag.
Diffstat (limited to 'activestorage/app/assets/javascripts')
-rw-r--r--activestorage/app/assets/javascripts/activestorage.js5
1 files changed, 4 insertions, 1 deletions
diff --git a/activestorage/app/assets/javascripts/activestorage.js b/activestorage/app/assets/javascripts/activestorage.js
index b71e251a11..e2bcb520b9 100644
--- a/activestorage/app/assets/javascripts/activestorage.js
+++ b/activestorage/app/assets/javascripts/activestorage.js
@@ -560,7 +560,10 @@
this.xhr.setRequestHeader("Content-Type", "application/json");
this.xhr.setRequestHeader("Accept", "application/json");
this.xhr.setRequestHeader("X-Requested-With", "XMLHttpRequest");
- this.xhr.setRequestHeader("X-CSRF-Token", getMetaValue("csrf-token"));
+ var csrfToken = getMetaValue("csrf-token");
+ if (csrfToken != undefined) {
+ this.xhr.setRequestHeader("X-CSRF-Token", csrfToken);
+ }
this.xhr.addEventListener("load", function(event) {
return _this.requestDidLoad(event);
});
generated by cgit v1.2.3 (git 2.25.1) at 2024-06-23 03:23:38 +0000