From a0b3f621dce168ab31a3a4ccf37dbd3d97368ebd Mon Sep 17 00:00:00 2001
From: Tim Zallmann
Date: Mon, 11 Mar 2019 19:33:21 +0000
Subject: [PATCH] Removes the CSRF token if the emojis.json is on a CDN
---
 app/assets/javascripts/emoji/index.js | 10 +++++++++-
 1 file changed, 9 insertions(+), 1 deletion(-)
diff --git a/app/assets/javascripts/emoji/index.js b/app/assets/javascripts/emoji/index.js
index 36542315c4c..bb5085a1911 100644
--- a/app/assets/javascripts/emoji/index.js
+++ b/app/assets/javascripts/emoji/index.js
@@ -3,6 +3,7 @@ import createFlash from '~/flash';
 import { s__ } from '~/locale';
 import emojiAliases from 'emojis/aliases.json';
 import axios from '../lib/utils/axios_utils';
+import csrf from '../lib/utils/csrf';
 import AccessorUtilities from '../lib/utils/accessor';
@@ -24,7 +25,14 @@ export function initEmojiMap() {
 resolve(emojiMap);
 } else {
 // We load the JSON from server
- axios
+ const axiosInstance = axios.create();
+
+ // If the static JSON file is on a CDN we don't want to send the default CSRF token
+ if (gon.asset_host) {
+ delete axiosInstance.defaults.headers.common[csrf.headerKey];
+ }
+
+ axiosInstance
 .get(
 `${gon.asset_host || ''}${gon.relative_url_root || ''}/-/emojis/${EMOJI_VERSION}/emojis.json`,