mirror of
https://github.com/zulip/zulip.git
synced 2026-07-09 21:21:47 +08:00
Ever since we started bundling the app with webpack, there’s been less and less overlap between our ‘static’ directory (files belonging to the frontend app) and Django’s interpretation of the ‘static’ directory (files served directly to the web). Split the app out to its own ‘web’ directory outside of ‘static’, and remove all the custom collectstatic --ignore rules. This makes it much clearer what’s actually being served to the web, and what’s being bundled by webpack. It also shrinks the release tarball by 3%. Signed-off-by: Anders Kaseorg <anders@zulip.com>
26 lines
845 B
TypeScript
26 lines
845 B
TypeScript
import $ from "jquery";
|
|
|
|
export let csrf_token: string | undefined;
|
|
|
|
$(() => {
|
|
// This requires that we used Jinja2's {% csrf_input %} somewhere on the page.
|
|
const $csrf_input = $('input[name="csrfmiddlewaretoken"]');
|
|
csrf_token = $csrf_input.attr("value");
|
|
if (csrf_token === undefined) {
|
|
return;
|
|
}
|
|
|
|
$.ajaxSetup({
|
|
beforeSend(xhr: JQuery.jqXHR, settings: JQuery.AjaxSettings) {
|
|
if (settings.url === undefined || csrf_token === undefined) {
|
|
throw new Error("settings.url and/or csrf_token are missing.");
|
|
}
|
|
|
|
if (!(/^http:.*/.test(settings.url) || /^https:.*/.test(settings.url))) {
|
|
// Only send the token to relative URLs i.e. locally.
|
|
xhr.setRequestHeader("X-CSRFToken", csrf_token);
|
|
}
|
|
},
|
|
});
|
|
});
|