DEV: prevents csrf-token initializer to leak session object (#7730)

DEV: prevents csrf-token initializer to leak session object (#7730)

diff --git a/app/assets/javascripts/discourse/initializers/csrf-token.js.es6 b/app/assets/javascripts/discourse/initializers/csrf-token.js.es6
index fd95c27..b76a8b7 100644
--- a/app/assets/javascripts/discourse/initializers/csrf-token.js.es6
+++ b/app/assets/javascripts/discourse/initializers/csrf-token.js.es6
@@ -1,15 +1,20 @@
 //  Append our CSRF token to AJAX requests when necessary.
 export default {
   name: "csrf-token",
-  initialize: function(container) {
-    var session = container.lookup("session:main");
+
+  initialize(container) {
+    const session = container.lookup("session:main");
+
+    const csrfToken = document
+      .querySelector("meta[name=csrf-token]")
+      .getAttribute("content");
 
     // Add a CSRF token to all AJAX requests
-    session.set("csrfToken", $("meta[name=csrf-token]").attr("content"));
+    session.set("csrfToken", csrfToken);
 
-    $.ajaxPrefilter(function(options, originalOptions, xhr) {
+    $.ajaxPrefilter((options, originalOptions, xhr) => {
       if (!options.crossDomain) {
-        xhr.setRequestHeader("X-CSRF-Token", session.get("csrfToken"));
+        xhr.setRequestHeader("X-CSRF-Token", csrfToken);
       }
     });
   }

GitHub sha: da5255e5

Revert "DEV: prevents csrf-token initializer to leak session object (#7730)"