Fix CSRF auto refreshing (#801)

* Fix automatic CSRF refreshing * Change comment * Apparently eslint has no idea what is and isn't a syntax error
noblox · Jul 31, 2024 · f433904 · f433904
1 parent dc306d1
commit f433904
Showing 1 changed file with 25 additions and 12 deletions.
diff --git a/lib/util/http.js b/lib/util/http.js
@@ -82,19 +82,32 @@ exports.func = function (args) {
   }
   return http(args.url, opt).then(function (res) {
     if (opt && opt.headers && opt.headers['X-CSRF-TOKEN']) {
-      if (res.statusCode === 403 && (res.statusMessage === 'XSRF Token Validation Failed' || res.statusMessage === 'Token Validation Failed')) {
-        depth++
-        if (depth >= 3) {
-          throw new Error('Tried ' + depth + ' times and could not refresh XCSRF token successfully')
+      if (res.statusCode === 403) {
+        let message
+
+        try {
+          message = typeof res.body === 'string' ? JSON.parse(res.body).message : res.body.message
+        } catch (_) {
+          // Roblox didn't send back a properly formed json object
         }
-        const token = res.headers['x-csrf-token']
-        if (token) {
-          opt.headers['X-CSRF-TOKEN'] = token
-          opt.jar = jar
-          args.depth = depth + 1
-          return exports.func(args)
-        } else {
-          throw new Error('Could not refresh X-CSRF-TOKEN')
+
+        if (message === 'XSRF Token Validation Failed' || message === 'Token Validation Failed') {
+          depth++
+
+          if (depth >= 3) {
+            throw new Error('Tried ' + depth + ' times and could not refresh XCSRF token successfully')
+          }
+
+          const token = res.headers['x-csrf-token']
+
+          if (token) {
+            opt.headers['X-CSRF-TOKEN'] = token
+            opt.jar = jar
+            args.depth = depth + 1
+            return exports.func(args)
+          } else {
+            throw new Error('Could not refresh X-CSRF-TOKEN')
+          }
         }
       } else {
         if (depth > 0) {