Cache csrf properties

2025-02-28 22:01:23 +01:00 · 2025-02-28 22:01:23 +01:00 · a19ee80c1e
commit a19ee80c1e
parent 847d2c544b
3 changed files with 17 additions and 24 deletions
--- a/app/assets/javascripts/application.js
+++ b/app/assets/javascripts/application.js
@ -95,6 +95,9 @@ $(document).ready(function () {
        breakpointWidth = 768;
  let moreItemWidth = 0;

+  OSM.csrf = {};
+  OSM.csrf[($("meta[name=csrf-param]").attr("content"))] = $("meta[name=csrf-token]").attr("content");
+
  function updateHeader() {
    const windowWidth = $(window).width();

--- a/app/assets/javascripts/index/search.js
+++ b/app/assets/javascripts/index/search.js
@ -44,19 +44,14 @@ OSM.Search = function (map) {
    e.preventDefault();
    e.stopPropagation();

-    const div = $(this).parents(".search_more"),
-          csrf_param = $("meta[name=csrf-param]").attr("content"),
-          csrf_token = $("meta[name=csrf-token]").attr("content"),
-          params = new URLSearchParams();
+    const div = $(this).parents(".search_more");

    $(this).hide();
    div.find(".loader").show();

-    params.set(csrf_param, csrf_token);
-
    fetch($(this).attr("href"), {
      method: "POST",
-      body: params
+      body: new URLSearchParams(OSM.csrf)
    })
      .then(response => response.text())
      .then(data => div.replaceWith(data));
@ -120,20 +115,17 @@ OSM.Search = function (map) {

  page.load = function () {
    $(".search_results_entry").each(function (index) {
-      const entry = $(this),
-            csrf_param = $("meta[name=csrf-param]").attr("content"),
-            csrf_token = $("meta[name=csrf-token]").attr("content"),
-            params = new URLSearchParams({
-              zoom: map.getZoom(),
-              minlon: map.getBounds().getWest(),
-              minlat: map.getBounds().getSouth(),
-              maxlon: map.getBounds().getEast(),
-              maxlat: map.getBounds().getNorth()
-            });
-      params.set(csrf_param, csrf_token);
+      const entry = $(this);
      fetch(entry.data("href"), {
        method: "POST",
-        body: params
+        body: new URLSearchParams({
+          zoom: map.getZoom(),
+          minlon: map.getBounds().getWest(),
+          minlat: map.getBounds().getSouth(),
+          maxlon: map.getBounds().getEast(),
+          maxlat: map.getBounds().getNorth(),
+          ...OSM.csrf
+        })
      })
        .then(response => response.text())
        .then(function (html) {
--- a/app/assets/javascripts/leaflet.share.js
+++ b/app/assets/javascripts/leaflet.share.js
@ -227,13 +227,11 @@ L.OSM.share = function (options) {
        .appendTo($form);
    }

-    const csrf_param = $("meta[name=csrf-param]").attr("content"),
-          csrf_token = $("meta[name=csrf-token]").attr("content");
+    const csrfAttrs = { type: "hidden" };
+    [[csrfAttrs.name, csrfAttrs.value]] = Object.entries(OSM.csrf);

    $("<input>")
-      .attr("name", csrf_param)
-      .attr("value", csrf_token)
-      .attr("type", "hidden")
+      .attr(csrfAttrs)
      .appendTo($form);

    const args = {