Refactor /api/web APIs to use the centralized axios instance (#6223)

Also adds the ability to decouple the centralized axios logic from the state dispatcher
author: nightpool <eg1290@gmail.com> 2018-01-08 14:01:33 -0500
committer: Eugen Rochko <eugen@zeonfederated.com> 2018-01-08 20:01:33 +0100
commit: c235711ffee6999c09bd6910373ebcfbc7758e99 (patch)
tree: 40efb018ab3fdc58d933d5ef09a95c56f0ef298d /app/javascript/mastodon/api.js
parent: ff6ca8bdc6e4ae42c571fecbab8ddc8817638c31 (diff)
1 files changed, 10 insertions, 2 deletions
diff --git a/app/javascript/mastodon/api.js b/app/javascript/mastodon/api.js
index ecc703c0a..0be08d7fd 100644
--- a/app/javascript/mastodon/api.js
+++ b/app/javascript/mastodon/api.js
@@ -1,4 +1,5 @@
 import axios from 'axios';
+import ready from './ready';
 import LinkHeader from './link_header';
 
 export const getLinks = response => {
@@ -11,10 +12,17 @@ export const getLinks = response => {
   return LinkHeader.parse(value);
 };
 
+let csrfHeader = {};
+function setCSRFHeader() {
+  const csrfToken = document.querySelector('meta[name=csrf-token]').content;
+  csrfHeader['X-CSRF-Token'] = csrfToken;
+}
+ready(setCSRFHeader);
+
 export default getState => axios.create({
-  headers: {
+  headers: Object.assign(csrfHeader, getState ? {
     'Authorization': `Bearer ${getState().getIn(['meta', 'access_token'], '')}`,
-  },
+  } : {}),
 
   transformResponse: [function (data) {
     try {
author	nightpool <eg1290@gmail.com>	2018-01-08 14:01:33 -0500
committer	Eugen Rochko <eugen@zeonfederated.com>	2018-01-08 20:01:33 +0100
commit	c235711ffee6999c09bd6910373ebcfbc7758e99 (patch)
tree	40efb018ab3fdc58d933d5ef09a95c56f0ef298d /app/javascript/mastodon/api.js
parent	ff6ca8bdc6e4ae42c571fecbab8ddc8817638c31 (diff)