// Set global vars
var CSRFToken = "63ce80ba243b34bcfb63997a780b76838b04e4f6219fb0427127937557bc8611";
var $xo = jQuery.noConflict();
var $jq = $xo;
if (delete $) {
	$ = $xo;
} else {
	var $ = $xo; // Previously defined with var
}

// Register jquery vars to add CSRF headers to ajax() calls
setSpecificRequestHeader("$xo");
setSpecificRequestHeader("$jq");
setSpecificRequestHeader("$");
setSpecificRequestHeader("jQuery");

// Add CSRF headers to all jQuery ajax() calls that start with '/api'.
function setSpecificRequestHeader(jqtype)
{
	if (typeof window[jqtype] == 'function')
	{
		window[jqtype](document).ajaxSend(function( event, request, settings )
		{
			var urlinfo = new URL(settings.url, window.location.href); // Parse the url (based off of the current url if relative)
			if (urlinfo.hostname == window.location.hostname && urlinfo.pathname.startsWith('/api'))
			{
				// Add the CSRF token to all XO API calls
				request.setRequestHeader("X-CSRFToken", CSRFToken);
			}
		});
	}
}

// Re-apply the CSRF addition to "$" any time a new jQuery is added to the site
function reapplyCSRFSetup()
{
    setSpecificRequestHeader("$");
}

// Observe any DOM changes that attempt to add a new jquery script
// If found, re-apply CSRF setup
var xoObserver = new MutationObserver(function (mutations)
{
	mutations.forEach(function (mutation)
	{
		mutation.addedNodes.forEach(function (node)
		{
			if (node.tagName && node.tagName.toLowerCase() === 'script' && node.src)
			{
				if (node.src.includes('jquery'))
				{
					// Reapply CSRF setup when a new jQuery script is added
					node.onload = reapplyCSRFSetup;  // Ensure reapplication after the script is loaded
				}
			}
		});
	});
});
xoObserver.observe(document.documentElement, { childList: true, subtree: true });