Do not set CSRF Token when no csrf header (#10383)

6 years ago · 68f2211f00
parent 792a0f106e
commit 68f2211f00
1 changed files with 6 additions and 2 deletions
--- a/app/javascript/mastodon/api.js
+++ b/app/javascript/mastodon/api.js
@ -13,10 +13,14 @@ export const getLinks = response => {
 };

 let csrfHeader = {};
+
 function setCSRFHeader() {
-  const csrfToken = document.querySelector('meta[name=csrf-token]').content;
-  csrfHeader['X-CSRF-Token'] = csrfToken;
+  const csrfToken = document.querySelector('meta[name=csrf-token]');
+  if (csrfToken) {
+    csrfHeader['X-CSRF-Token'] = csrfToken.content;
+  }
 }
+
 ready(setCSRFHeader);

 export default getState => axios.create({