From f43390409b6c686b0b1d68706095ad3eab488597 Mon Sep 17 00:00:00 2001
From: Regalijan <72576136+Regalijan@users.noreply.github.com>
Date: Thu, 1 Aug 2024 03:42:19 +0900
Subject: [PATCH] Fix CSRF auto refreshing (#801)

* Fix automatic CSRF refreshing
* Change comment
* Apparently eslint has no idea what is and isn't a syntax error
---
 lib/util/http.js | 37 +++++++++++++++++++++++++------------
 1 file changed, 25 insertions(+), 12 deletions(-)

diff --git a/lib/util/http.js b/lib/util/http.js
index 867b817bf..3d3ee28ef 100644
--- a/lib/util/http.js
+++ b/lib/util/http.js
@@ -82,19 +82,32 @@ exports.func = function (args) {
 }
 return http(args.url, opt).then(function (res) {
 if (opt && opt.headers && opt.headers['X-CSRF-TOKEN']) {
- if (res.statusCode === 403 && (res.statusMessage === 'XSRF Token Validation Failed' || res.statusMessage === 'Token Validation Failed')) {
- depth++
- if (depth >= 3) {
- throw new Error('Tried ' + depth + ' times and could not refresh XCSRF token successfully')
+ if (res.statusCode === 403) {
+ let message
+
+ try {
+ message = typeof res.body === 'string' ? JSON.parse(res.body).message : res.body.message
+ } catch (_) {
+ // Roblox didn't send back a properly formed json object
 }
- const token = res.headers['x-csrf-token']
- if (token) {
- opt.headers['X-CSRF-TOKEN'] = token
- opt.jar = jar
- args.depth = depth + 1
- return exports.func(args)
- } else {
- throw new Error('Could not refresh X-CSRF-TOKEN')
+
+ if (message === 'XSRF Token Validation Failed' || message === 'Token Validation Failed') {
+ depth++
+
+ if (depth >= 3) {
+ throw new Error('Tried ' + depth + ' times and could not refresh XCSRF token successfully')
+ }
+
+ const token = res.headers['x-csrf-token']
+
+ if (token) {
+ opt.headers['X-CSRF-TOKEN'] = token
+ opt.jar = jar
+ args.depth = depth + 1
+ return exports.func(args)
+ } else {
+ throw new Error('Could not refresh X-CSRF-TOKEN')
+ }
 }
 }
 } else {
 if (depth > 0) {
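Review bot: The retry counter advances twice per refresh in the re-indented block: `depth++` runs before the guard, and the recursive call is then handed `args.depth = depth + 1`. Assuming `depth` is initialised from `args.depth` above the hunk, the `depth >= 3` check fires on the second 403 and the error reports "Tried 3 times" after only two attempts. If a single retry is the intended bound, state that in a comment next to the guard; otherwise pass the already-incremented value, `args.depth = depth`. Separately, a 403 whose body has no top-level `message` leaves `message` undefined and skips the token refresh without any signal, so a one-line comment above the `if (message === …)` test naming the body shape it expects would help when the response format changes again. The enclosing `.then` callback starts and ends outside the hunk.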