diff options
author | Hinaloe <hina@hinaloe.net> | 2019-03-26 19:13:20 +0900 |
---|---|---|
committer | Eugen Rochko <eugen@zeonfederated.com> | 2019-03-26 11:13:20 +0100 |
commit | 68f2211f00dfa3f823ad780ed748c1af0078a0cf (patch) | |
tree | b6ec02cafff51373a71c91ff0a77b6446c15e52e /app | |
parent | 792a0f106e04daff29304054a8cf0adaef0d6fe6 (diff) |
Do not set CSRF Token when no csrf header (#10383)
Diffstat (limited to 'app')
-rw-r--r-- | app/javascript/mastodon/api.js | 8 |
1 files changed, 6 insertions, 2 deletions
diff --git a/app/javascript/mastodon/api.js b/app/javascript/mastodon/api.js index 4be3eadb0..98d59de43 100644 --- a/app/javascript/mastodon/api.js +++ b/app/javascript/mastodon/api.js @@ -13,10 +13,14 @@ export const getLinks = response => { }; let csrfHeader = {}; + function setCSRFHeader() { - const csrfToken = document.querySelector('meta[name=csrf-token]').content; - csrfHeader['X-CSRF-Token'] = csrfToken; + const csrfToken = document.querySelector('meta[name=csrf-token]'); + if (csrfToken) { + csrfHeader['X-CSRF-Token'] = csrfToken.content; + } } + ready(setCSRFHeader); export default getState => axios.create({ |