From f700e318a4671bc413c92b1c384c05f1080dda54 Mon Sep 17 00:00:00 2001
From: Osama Sayegh
Date: Sat, 6 Feb 2021 01:18:29 +0300
Subject: [PATCH] DEV: Add CSRF meta tags to pages served by Ember CLI server (#11993)
Signed-off-by: OsamaSayegh
---
 .../discourse/public/assets/scripts/discourse-boot.js | 10 ++++++++++
 app/controllers/bootstrap_controller.rb | 1 +
 2 files changed, 11 insertions(+)
diff --git a/app/assets/javascripts/discourse/public/assets/scripts/discourse-boot.js b/app/assets/javascripts/discourse/public/assets/scripts/discourse-boot.js
index d0120c8ea09..9c9c4d0200e 100644
--- a/app/assets/javascripts/discourse/public/assets/scripts/discourse-boot.js
+++ b/app/assets/javascripts/discourse/public/assets/scripts/discourse-boot.js
@@ -195,6 +195,16 @@
 let locale = data.bootstrap.locale_script;
+ if (data.bootstrap.csrf_token) {
+ const csrfParam = document.createElement("meta");
+ csrfParam.setAttribute("name", "csrf-param");
+ csrfParam.setAttribute("content", "authenticity_token");
+ head.append(csrfParam);
+ const csrfToken = document.createElement("meta");
+ csrfToken.setAttribute("name", "csrf-token");
+ csrfToken.setAttribute("content", data.bootstrap.csrf_token);
+ head.append(csrfToken);
+ }
 (data.bootstrap.stylesheets || []).forEach((s) => {
 let link = document.createElement("link");
 link.setAttribute("rel", "stylesheet");
diff --git a/app/controllers/bootstrap_controller.rb b/app/controllers/bootstrap_controller.rb
index ebd68eebe11..b0378359c5f 100644
--- a/app/controllers/bootstrap_controller.rb
+++ b/app/controllers/bootstrap_controller.rb
@@ -60,6 +60,7 @@ class BootstrapController < ApplicationController
 preloaded: @preloaded,
 }
 bootstrap[:extra_locales] = extra_locales if extra_locales.present?
+ bootstrap[:csrf_token] = form_authenticity_token if current_user
 render_json_dump(bootstrap: bootstrap)
 end
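Review bot: The `csrf-param` value is hard-coded as `"authenticity_token"` in the added block, which duplicates a server-side setting; Rails' own `csrf_meta_tags` takes that name from `request_forgery_protection_token`, so the two can drift if the server setting is ever changed. Either have the bootstrap payload carry the param name alongside the token, or record the assumption in a comment such as `// Mirrors Rails' csrf_meta_tags; the param name must match the server's request_forgery_protection_token.` The block also appends without checking for an existing tag, so if this boot path can run on a page that already carries a `csrf-token` meta element, code that reads the first match would pick up the older value; whether that can happen depends on code outside the hunk. `head` and the enclosing callback are defined outside the hunk.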
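Review bot: The added line puts the session's CSRF token into a JSON body for every logged-in request, and nothing in this hunk shows the response being marked non-cacheable or the action being limited to the Ember CLI development setup named in the commit title. A token served this way stays safe only while the response is readable same-origin only and is never stored by a shared cache, so it is worth confirming that this action sends `Cache-Control: no-store` (or equivalent) and is not covered by a credentialed CORS allowance; neither is visible here. A short comment would help the next reader, e.g. `# Exposed so the Ember CLI-served page can build its csrf meta tags; this response must not be cached or readable cross-origin.` The method body starts above the hunk.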