websockets: Fix race condition in CSRF token initialization.

It appears that we were not always initializing the Socket object
after `setup.js` had the opportunity to set csrf_token.

This should fix #6961.

frontend_tests/node_tests/transmit.js

@@ -1,5 +1,6 @@
 var noop = function () {};
 
+set_global('$', global.make_zjquery());
 set_global('page_params', {
     use_websockets: true,
 });

static/js/transmit.js

@@ -3,11 +3,15 @@ var transmit = (function () {
 var exports = {};
 
 var socket;
-if (page_params.use_websockets) {
-    socket = new Socket("/sockjs");
-}
-// For debugging.  The socket will eventually move out of this file anyway.
-exports._socket = socket;
+$(function () {
+    // We initialize the socket inside a function so that this code
+    // runs after `csrf_token` is initialized in setup.js.
+    if (page_params.use_websockets) {
+        socket = new Socket("/sockjs");
+    }
+    // For debugging.  The socket will eventually move out of this file anyway.
+    exports._socket = socket;
+});
 
 function send_message_socket(request, success, error) {
     request.socket_user_agent = navigator.userAgent;

zerver/tornado/socket.py

@@ -121,7 +121,7 @@ class SocketConnection(sockjs.tornado.SockJSConnection):
 
         if 'csrf_token' not in msg['request']:
             # Debugging code to help with understanding #6961
-            logging.error("Invalid websockets auth request: %s" % (msg['request'],))
+            logging.error("CSRF token missing from websockets auth request: %s" % (msg['request'],))
             raise JsonableError(_('CSRF token entry missing from request'))
         if not _compare_salted_tokens(msg['request']['csrf_token'], self.csrf_token):
             raise JsonableError(_('CSRF token does not match that in cookie'))