From: Marwin Hochfelsner <50826859+hlfan@users.noreply.github.com>
Date: Fri, 28 Feb 2025 21:01:23 +0000 (+0100)
Subject: Cache csrf properties
X-Git-Tag: live~3^2~1
X-Git-Url: https://git.openstreetmap.org./rails.git/commitdiff_plain/a19ee80c1ee51507a661cb57556d44ee56cc42ad?ds=sidebyside

Cache csrf properties
---

diff --git a/app/assets/javascripts/application.js b/app/assets/javascripts/application.js
index a3fd93e27..99bfede7e 100644
--- a/app/assets/javascripts/application.js
+++ b/app/assets/javascripts/application.js
@@ -95,6 +95,9 @@ $(document).ready(function () {
         breakpointWidth = 768;
   let moreItemWidth = 0;
 
+  OSM.csrf = {};
+  OSM.csrf[($("meta[name=csrf-param]").attr("content"))] = $("meta[name=csrf-token]").attr("content");
+
   function updateHeader() {
     const windowWidth = $(window).width();
 
diff --git a/app/assets/javascripts/index/search.js b/app/assets/javascripts/index/search.js
index b33d904a9..b3ef3ceb3 100644
--- a/app/assets/javascripts/index/search.js
+++ b/app/assets/javascripts/index/search.js
@@ -44,19 +44,14 @@ OSM.Search = function (map) {
     e.preventDefault();
     e.stopPropagation();
 
-    const div = $(this).parents(".search_more"),
-          csrf_param = $("meta[name=csrf-param]").attr("content"),
-          csrf_token = $("meta[name=csrf-token]").attr("content"),
-          params = new URLSearchParams();
+    const div = $(this).parents(".search_more");
 
     $(this).hide();
     div.find(".loader").show();
 
-    params.set(csrf_param, csrf_token);
-
     fetch($(this).attr("href"), {
       method: "POST",
-      body: params
+      body: new URLSearchParams(OSM.csrf)
     })
       .then(response => response.text())
       .then(data => div.replaceWith(data));
@@ -120,20 +115,17 @@ OSM.Search = function (map) {
 
   page.load = function () {
     $(".search_results_entry").each(function (index) {
-      const entry = $(this),
-            csrf_param = $("meta[name=csrf-param]").attr("content"),
-            csrf_token = $("meta[name=csrf-token]").attr("content"),
-            params = new URLSearchParams({
-              zoom: map.getZoom(),
-              minlon: map.getBounds().getWest(),
-              minlat: map.getBounds().getSouth(),
-              maxlon: map.getBounds().getEast(),
-              maxlat: map.getBounds().getNorth()
-            });
-      params.set(csrf_param, csrf_token);
+      const entry = $(this);
       fetch(entry.data("href"), {
         method: "POST",
-        body: params
+        body: new URLSearchParams({
+          zoom: map.getZoom(),
+          minlon: map.getBounds().getWest(),
+          minlat: map.getBounds().getSouth(),
+          maxlon: map.getBounds().getEast(),
+          maxlat: map.getBounds().getNorth(),
+          ...OSM.csrf
+        })
       })
         .then(response => response.text())
         .then(function (html) {
diff --git a/app/assets/javascripts/leaflet.share.js b/app/assets/javascripts/leaflet.share.js
index 325b168b2..42e195f0a 100644
--- a/app/assets/javascripts/leaflet.share.js
+++ b/app/assets/javascripts/leaflet.share.js
@@ -227,13 +227,11 @@ L.OSM.share = function (options) {
         .appendTo($form);
     }
 
-    const csrf_param = $("meta[name=csrf-param]").attr("content"),
-          csrf_token = $("meta[name=csrf-token]").attr("content");
+    const csrfAttrs = { type: "hidden" };
+    [[csrfAttrs.name, csrfAttrs.value]] = Object.entries(OSM.csrf);
 
     $("<input>")
-      .attr("name", csrf_param)
-      .attr("value", csrf_token)
-      .attr("type", "hidden")
+      .attr(csrfAttrs)
       .appendTo($form);
 
     const args = {