Do not set CSRF Token when no csrf header (#10383)

author Hinaloe <hina@hinaloe.net>

Tue, 26 Mar 2019 10:13:20 +0000 (19:13 +0900)

committer Eugen Rochko <eugen@zeonfederated.com>

Tue, 26 Mar 2019 10:13:20 +0000 (11:13 +0100)
author Hinaloe <hina@hinaloe.net>
Tue, 26 Mar 2019 10:13:20 +0000 (19:13 +0900)
committer Eugen Rochko <eugen@zeonfederated.com>
Tue, 26 Mar 2019 10:13:20 +0000 (11:13 +0100)
diff --git a/app/javascript/mastodon/api.js b/app/javascript/mastodon/api.js

index 4be3eadb022e5b0d512135b662566bc1e043cc3d..98d59de433f4bfc78feb7d2b37c3871fb2301a25 100644 (file)
--- a/app/javascript/mastodon/api.js
+++ b/app/javascript/mastodon/api.js
@@ -13,10 +13,14 @@ export const getLinks = response => {
  };
  
  let csrfHeader = {};
+
  function setCSRFHeader() {
-  const csrfToken = document.querySelector('meta[name=csrf-token]').content;
-  csrfHeader['X-CSRF-Token'] = csrfToken;
+  const csrfToken = document.querySelector('meta[name=csrf-token]');
+  if (csrfToken) {
+    csrfHeader['X-CSRF-Token'] = csrfToken.content;
+  }
  }
+
  ready(setCSRFHeader);
  
  export default getState => axios.create({
author	Hinaloe <hina@hinaloe.net>
	Tue, 26 Mar 2019 10:13:20 +0000 (19:13 +0900)
committer	Eugen Rochko <eugen@zeonfederated.com>
	Tue, 26 Mar 2019 10:13:20 +0000 (11:13 +0100)