From 372dda2a2950ad3ae5cf744ed8e3caa69a7ed44b Mon Sep 17 00:00:00 2001 From: Cameron Bothner Date: Thu, 27 Dec 2018 12:44:04 -0500 Subject: [PATCH] =?UTF-8?q?Don=E2=80=99t=20include=20an=20undefined=20X-CS?= =?UTF-8?q?RF-Token=20header?= MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 8bit If there is not a `csrf-token` meta tag in the document, the blob record XHR was including an `X-CSRF-Token` header set to the string "undefined." Instead of setting it to undefined, it should not be included in the absence of a meta tag. --- activestorage/CHANGELOG.md | 5 +++++ activestorage/app/assets/javascripts/activestorage.js | 5 ++++- activestorage/app/javascript/activestorage/blob_record.js | 7 ++++++- 3 files changed, 15 insertions(+), 2 deletions(-) diff --git a/activestorage/CHANGELOG.md b/activestorage/CHANGELOG.md index 99f1ef9d86..51890f308b 100644 --- a/activestorage/CHANGELOG.md +++ b/activestorage/CHANGELOG.md @@ -1,3 +1,8 @@ +* It doesn’t include an `X-CSRF-Token` header if a meta tag is not found on + the page. It previously included one with a value of `undefined`. + + *Cameron Bothner* + * Fix `ArgumentError` when uploading to amazon s3 *Hiroki Sanpei* diff --git a/activestorage/app/assets/javascripts/activestorage.js b/activestorage/app/assets/javascripts/activestorage.js index b71e251a11..e2bcb520b9 100644 --- a/activestorage/app/assets/javascripts/activestorage.js +++ b/activestorage/app/assets/javascripts/activestorage.js @@ -560,7 +560,10 @@ this.xhr.setRequestHeader("Content-Type", "application/json"); this.xhr.setRequestHeader("Accept", "application/json"); this.xhr.setRequestHeader("X-Requested-With", "XMLHttpRequest"); - this.xhr.setRequestHeader("X-CSRF-Token", getMetaValue("csrf-token")); + var csrfToken = getMetaValue("csrf-token"); + if (csrfToken != undefined) { + this.xhr.setRequestHeader("X-CSRF-Token", csrfToken); + } this.xhr.addEventListener("load", function(event) { return _this.requestDidLoad(event); }); diff --git a/activestorage/app/javascript/activestorage/blob_record.js b/activestorage/app/javascript/activestorage/blob_record.js index ff847892b2..7fbe315f76 100644 --- a/activestorage/app/javascript/activestorage/blob_record.js +++ b/activestorage/app/javascript/activestorage/blob_record.js @@ -17,7 +17,12 @@ export class BlobRecord { this.xhr.setRequestHeader("Content-Type", "application/json") this.xhr.setRequestHeader("Accept", "application/json") this.xhr.setRequestHeader("X-Requested-With", "XMLHttpRequest") - this.xhr.setRequestHeader("X-CSRF-Token", getMetaValue("csrf-token")) + + const csrfToken = getMetaValue("csrf-token") + if (csrfToken != undefined) { + this.xhr.setRequestHeader("X-CSRF-Token", csrfToken) + } + this.xhr.addEventListener("load", event => this.requestDidLoad(event)) this.xhr.addEventListener("error", event => this.requestDidError(event)) }