Why is the csrf token set only after my script on portal pages?

Hello,

i would prefer to configure my desk listview but that seems to be not so easy to do. So instead I thought I will use the portal Pages and the frappe.call to built my own functionality the way I need it. But now i came across the problem, that the .js file in my www folder is included before the frappe.csrf_token is set.

Of course I could change it in the code, but I want to know the rationale behind this? Am I not supposed to use the AJAX Api in this place?

I only want to have a listview of my doctype where I have more power over the functionality…
(see How to create a custom Desk view)

The order doesn’t matter, you can wrap your code in a frappe.ready block and you would get the CSRF token value in that block.

<script>
	frappe.ready(() => {
		console.log(frappe.csrf_token)
	})
</script>