From 68f2211f00dfa3f823ad780ed748c1af0078a0cf Mon Sep 17 00:00:00 2001 From: Hinaloe Date: Tue, 26 Mar 2019 19:13:20 +0900 Subject: Do not set CSRF Token when no csrf header (#10383) --- app/javascript/mastodon/api.js | 8 ++++++-- 1 file changed, 6 insertions(+), 2 deletions(-) (limited to 'app') diff --git a/app/javascript/mastodon/api.js b/app/javascript/mastodon/api.js index 4be3eadb0..98d59de43 100644 --- a/app/javascript/mastodon/api.js +++ b/app/javascript/mastodon/api.js @@ -13,10 +13,14 @@ export const getLinks = response => { }; let csrfHeader = {}; + function setCSRFHeader() { - const csrfToken = document.querySelector('meta[name=csrf-token]').content; - csrfHeader['X-CSRF-Token'] = csrfToken; + const csrfToken = document.querySelector('meta[name=csrf-token]'); + if (csrfToken) { + csrfHeader['X-CSRF-Token'] = csrfToken.content; + } } + ready(setCSRFHeader); export default getState => axios.create({ -- cgit