From d8f6f00e6030c70f69d5d47efcf3dee093e335db Mon Sep 17 00:00:00 2001
From: Faizaan Gagan <fzngagan@gmail.com>
Date: Thu, 1 Jul 2021 11:25:31 +0530
Subject: [PATCH] FIX: add csrf token to all wizard ajax requests in dev (#129)

* FIX: add csrf token to all wizard ajax requests in dev

* fix formatting

* simplified code

* Update field.rb
---
 .../wizard/initializers/custom-wizard.js.es6        | 13 ++++++++++++-
 1 file changed, 12 insertions(+), 1 deletion(-)

diff --git a/assets/javascripts/wizard/initializers/custom-wizard.js.es6 b/assets/javascripts/wizard/initializers/custom-wizard.js.es6
index ab7c9146..24102bed 100644
--- a/assets/javascripts/wizard/initializers/custom-wizard.js.es6
+++ b/assets/javascripts/wizard/initializers/custom-wizard.js.es6
@@ -26,7 +26,11 @@ export default {
     const setDefaultOwner = requirejs("discourse-common/lib/get-owner")
       .setDefaultOwner;
     const messageBus = requirejs("message-bus-client").default;
-
+    const getToken = requirejs("wizard/lib/ajax").getToken;
+    const setEnvironment = requirejs("discourse-common/config/environment")
+      .setEnvironment;
+    const isDevelopment = requirejs("discourse-common/config/environment")
+      .isDevelopment;
     const container = app.__container__;
     Discourse.Model = EmberObject.extend();
     Discourse.__container__ = container;
@@ -89,6 +93,7 @@ export default {
     const session = container.lookup("session:main");
     const setupData = document.getElementById("data-discourse-setup").dataset;
     session.set("highlightJsPath", setupData.highlightJsPath);
+    setEnvironment(setupData.environment);
 
     Router.reopen({
       rootURL: getUrl("/w/"),
@@ -107,5 +112,11 @@ export default {
       },
       model() {},
     });
+
+    $.ajaxPrefilter(function (_, __, jqXHR) {
+      if (isDevelopment()) {
+        jqXHR.setRequestHeader("X-CSRF-Token", getToken());
+      }
+    });
   },
 };