make sure xsrf token is set on static requests

cylc · May 3, 2024 · 6887c64 · 6887c64
1 parent 61d6a1e
commit 6887c64
Showing 1 changed file with 3 additions and 0 deletions.
diff --git a/cylc/uiserver/handlers.py b/cylc/uiserver/handlers.py
@@ -186,6 +186,9 @@ def initialize(self, *args, **kwargs):
 
     def check_xsrf_cookie(self):
         # don't need XSRF protections on static assets
+        # accessing xsrf_token ensures xsrf cookie is set if it needs to be,
+        # e.g. setting it on request for /index.html to be available for request to /userprofile
+        self.xsrf_token  # noqa
         return
 
     @web.authenticated