Skip to content

Commit

Permalink
csrf fixes
Browse files Browse the repository at this point in the history
  • Loading branch information
Frooodle committed Dec 14, 2024
1 parent 24717dd commit 1f1c414
Show file tree
Hide file tree
Showing 7 changed files with 7 additions and 8 deletions.
2 changes: 1 addition & 1 deletion src/main/resources/static/js/downloader.js
Original file line number Diff line number Diff line change
Expand Up @@ -140,7 +140,7 @@
let errorMessage = null;

try {
const response = await fetch(url, {method: 'POST', body: formData});
const response = await window.fetchWithCsrf(url, {method: 'POST', body: formData});
const contentType = response.headers.get('content-type');

if (!response.ok) {
Expand Down
1 change: 0 additions & 1 deletion src/main/resources/static/js/fetch-utils.js
Original file line number Diff line number Diff line change
Expand Up @@ -8,7 +8,6 @@ window.fetchWithCsrf = async function(url, options = {}) {
if (cookieValue) {
return cookieValue;
}

const csrfElement = document.querySelector('input[name="_csrf"]');
return csrfElement ? csrfElement.value : null;
}
Expand Down
4 changes: 2 additions & 2 deletions src/main/resources/templates/account.html
Original file line number Diff line number Diff line change
Expand Up @@ -196,7 +196,7 @@ <h4 th:text="#{account.yourApiKey}">API Key</h4>
/*<![CDATA[*/
const urlGetApiKey = /*[[@{/api/v1/user/get-api-key}]]*/ "/api/v1/user/get-api-key";
/*]]>*/
let response = await fetch(urlGetApiKey, { method: 'POST' });
let response = await window.fetchWithCsrf(urlGetApiKey, { method: 'POST' });
if (response.status === 200) {
let apiKey = await response.text();
manageUIState(apiKey);
Expand All @@ -213,7 +213,7 @@ <h4 th:text="#{account.yourApiKey}">API Key</h4>
/*<![CDATA[*/
const urlUpdateApiKey = /*[[@{/api/v1/user/update-api-key}]]*/ "/api/v1/user/update-api-key";
/*]]>*/
let response = await fetch(urlUpdateApiKey, { method: 'POST' });
let response = await window.fetchWithCsrf(urlUpdateApiKey, { method: 'POST' });
if (response.status === 200) {
let apiKey = await response.text();
manageUIState(apiKey);
Expand Down
2 changes: 1 addition & 1 deletion src/main/resources/templates/fragments/common.html
Original file line number Diff line number Diff line change
Expand Up @@ -24,7 +24,7 @@
<script>
window.stirlingPDF = window.stirlingPDF || {};
</script>

<script th:src="@{'/js/fetch-utils.js'}"></script>
<!-- jQuery -->
<script th:src="@{'/js/thirdParty/jquery.min.js'}"></script>
<script th:src="@{'/js/thirdParty/jquery.validate.min.js'}"></script>
Expand Down
2 changes: 1 addition & 1 deletion src/main/resources/templates/fragments/navbar.html
Original file line number Diff line number Diff line change
Expand Up @@ -14,6 +14,7 @@
</script>
<script th:src="@{'/js/homecard.js'}"></script>
<script th:src="@{'/js/githubVersion.js'}"></script>
<form th:action="@{'/dummyFormToPopulateCSRF'}" method="post" enctype="multipart/form-data"></form>
<nav class="navbar navbar-expand-xl">
<div class="container ">
<a class="navbar-brand" th:href="@{'/'}" style="display: flex;">
Expand Down Expand Up @@ -376,7 +377,6 @@ <h6 class="menu-title" th:text="#{navbar.sections.advance}"></h6>
<span class="go-pro-badge" th:text="#{enterpriseEdition.button}"></span>
</a>
</li>

<li class="nav-item">
<!-- Settings Button -->
<a href="#" class="nav-link" data-bs-toggle="modal" data-bs-target="#settingsModal" th:title="#{navbar.settings}">
Expand Down
2 changes: 1 addition & 1 deletion src/main/resources/templates/misc/remove-annotations.html
Original file line number Diff line number Diff line change
Expand Up @@ -38,7 +38,7 @@

const processFile = async (file) => {
const origFileUrl = URL.createObjectURL(file);
const formPdfBytes = await fetch(origFileUrl).then(res => res.arrayBuffer());
const formPdfBytes = await window.fetchWithCsrf(origFileUrl).then(res => res.arrayBuffer());
const pdfDoc = await PDFDocument.load(formPdfBytes, { ignoreEncryption: true });

const pages = pdfDoc.getPages();
Expand Down
Original file line number Diff line number Diff line change
Expand Up @@ -102,7 +102,7 @@ <h4 th:text="#{validateSignature.results}"></h4>
formData.append('certFile', certInput.files[0]);
}
try {
const response = await fetch(e.target.action, {
const response = await window.fetchWithCsrf(e.target.action, {
method: 'POST',
body: formData
});
Expand Down

0 comments on commit 1f1c414

Please sign in to comment.