Standardize access to CSRF token in JavaScript

username-removed-408230 requested to merge cache-csrf-token into master

What does this MR do?

  1. Adds a utility for reading the csrf token from the DOM and caching a reference to it
  2. Exposes the csrf token and header for use in the application
  3. Updates current references to X-CSRF-Header and $.rails.csrfToken and other approaches to reading the token from the DOM

Why was this MR needed?

We're reading the csrf token from the DOM every time we make an AJAX request. That's not too bad when we make 3-5 requests on page load, but really accumulates when we're polling. These DOM reads are an unnecessary performance burden. We also have a couple of different ways of accessing the token in our codebase. This MR DRYs that up by standardizing access to the token. Finally, it reduces our dependency on jquery and jquery-ujs ($.rails).

Does this MR meet the acceptance criteria?

  • Tests added for this feature/bug
  • Review
    • Has been reviewed by Frontend

Todo

  • Export the header object, and add a comment about implementation
  • Use getter for token
  • Rename file/object to plain csrf
  • Add/amend tests accordingly
  • Remove dependency on ujs
  • Assign to maintainer for review

What are the relevant issue numbers?

Closes https://gitlab.com/gitlab-org/gitlab-ce/issues/37773

Edited by username-removed-408230
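
A sketch of the kind of cached token accessor the description outlines, as an added example that is not the code from this merge request. The names `createCsrf`, `headersFor`, `refresh` and `fakeDocument` are hypothetical; it assumes the Rails convention of a `<meta name="csrf-token">` tag and the `X-CSRF-Token` request header, and the same-origin check and the refresh hook are additions a reviewer would want next to any cached token.

```javascript
// Added example: createCsrf, headersFor, refresh and fakeDocument are hypothetical names.
function createCsrf(doc, pageOrigin) {
  let cached; // undefined = not read yet; null = meta tag absent
  let reads = 0; // counts DOM lookups, to show the cache is effective

  const read = () => {
    reads += 1;
    const meta = doc.querySelector('meta[name="csrf-token"]');
    return meta ? meta.getAttribute('content') : null;
  };

  return {
    headerKey: 'X-CSRF-Token',
    get token() {
      if (cached === undefined) cached = read();
      return cached;
    },
    get domReads() { return reads; },
    // Re-read after the page swaps its <head> or the server rotates the token;
    // without this a cached value goes stale and requests fail verification.
    refresh() { cached = read(); return cached; },
    // Attach the header to same-origin requests only, so the token is never
    // sent to a third-party host.
    headersFor(url) {
      const sameOrigin = new URL(url, pageOrigin).origin === new URL(pageOrigin).origin;
      return sameOrigin && this.token ? { [this.headerKey]: this.token } : {};
    },
  };
}

// Constructed stand-in for `document` so the example runs under Node.
function fakeDocument(initialToken) {
  const state = { token: initialToken };
  return {
    state,
    querySelector(selector) {
      if (selector !== 'meta[name="csrf-token"]' || state.token === null) return null;
      return { getAttribute: (name) => (name === 'content' ? state.token : null) };
    },
  };
}

const doc = fakeDocument('constructed-token-1'); // constructed sample value
const csrf = createCsrf(doc, 'https://gitlab.example.com');
for (let i = 0; i < 100; i += 1) csrf.headersFor('/api/v4/poll'); // simulated polling
console.log(csrf.domReads, csrf.headersFor('https://other.example.net/x'));
```
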