DEV: Ensure only one csrftoken request is running simultaneously (#31390)

Before this, triggering two ajax requests close together would 'race' to
create a csrf-token, and only one would succeed

app/assets/javascripts/discourse/app/lib/ajax.js

@@ -45,10 +45,16 @@ function handleRedirect(xhr) {
   }
 }
 
+let activeCsrfRequest;
+
 export function updateCsrfToken() {
-  return ajax("/session/csrf").then((result) => {
+  if (!activeCsrfRequest) {
-    Session.currentProp("csrfToken", result.csrf);
+    activeCsrfRequest = ajax("/session/csrf")
-  });
+      .then((result) => Session.currentProp("csrfToken", result.csrf))
+      .finally(() => (activeCsrfRequest = null));
+  }
+
+  return activeCsrfRequest;
 }
 
 /**