Merge branch 'tz-remove-csrf-token-for-emojis-json' into 'master'

Removes the CSRF token if the emojis.json is on a CDN

Closes #58784

See merge request gitlab-org/gitlab-ce!25979

(cherry picked from commit fcf632ef99fee06de42216e769ddfeb28967f17c)

cf2b0dc5 Removes the CSRF token if the emojis.json is on a CDN

1 files changed, 9 insertions, 1 deletions

diff --git a/app/assets/javascripts/emoji/index.js b/app/assets/javascripts/emoji/index.js
index 36542315c4c..bb5085a1911 100644
--- a/app/assets/javascripts/emoji/index.js
+++ b/app/assets/javascripts/emoji/index.js
@@ -3,6 +3,7 @@ import createFlash from '~/flash';
 import { s__ } from '~/locale';
 import emojiAliases from 'emojis/aliases.json';
 import axios from '../lib/utils/axios_utils';
+import csrf from '../lib/utils/csrf';
 
 import AccessorUtilities from '../lib/utils/accessor';
 
@@ -24,7 +25,14 @@ export function initEmojiMap() {
       resolve(emojiMap);
     } else {
       // We load the JSON from server
-      axios
+      const axiosInstance = axios.create();
+
+      // If the static JSON file is on a CDN we don't want to send the default CSRF token
+      if (gon.asset_host) {
+        delete axiosInstance.defaults.headers.common[csrf.headerKey];
+      }
+
+      axiosInstance
         .get(
           `${gon.asset_host || ''}${gon.relative_url_root ||
             ''}/-/emojis/${EMOJI_VERSION}/emojis.json`,