Unverified Commit 50e392d8 authored by Agate's avatar Agate 💬

Fix #1153: post issue on some URLs due to missing CSRF token

parent d0e6cd40
......@@ -436,7 +436,6 @@ export default {
param = "token"
value = this.$store.state.auth.scopedTokens.listen
}
console.log('HELLO', param, value, this.$store.state.auth.scopedTokens)
sources.forEach(e => {
e.url = url.updateQueryString(e.url, param, value)
})
......
......@@ -70,7 +70,10 @@ export default {
if (!self.$store.state.auth.authenticated) {
return xhrObject
}
xhrObject.setRequestHeader('Authorization', self.$store.getters['auth/header'])
if (self.$store.state.auth.oauth.accessToken) {
xhrObject.setRequestHeader('Authorization', self.$store.getters['auth/header'])
}
return xhrObject
},
onResponse: function (initialResponse) {
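Review bot: The new guard tests `self.$store.state.auth.oauth.accessToken`, but the header value still comes from the `auth/header` getter, so the condition and the value can drift apart if that getter builds the header from anything other than this token; the getter is not visible here, so this needs confirming. The same three-line block is repeated in the upload component and in the two other `beforeXHR` hooks of this commit, which makes it easy to miss a call site the next time the auth scheme changes. Consider a single helper in `@/utils` next to `setCsrf`, carrying a comment such as `// No OAuth token presumably means session-cookie auth: send no Authorization header and rely on the cookie plus X-CSRFToken`. The `onResponse` handler continues outside the hunk.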
......
<script>
import FileUpload from 'vue-upload-component'
import {setCsrf} from '@/utils'
export default {
extends: FileUpload,
......@@ -32,7 +33,10 @@ export default {
form.append(this.name, file.file, filename)
let xhr = new XMLHttpRequest()
xhr.open('POST', file.postAction)
xhr.setRequestHeader('Authorization', this.$store.getters['auth/header'])
setCsrf(xhr)
if (this.$store.state.auth.oauth.accessToken) {
xhr.setRequestHeader('Authorization', this.$store.getters['auth/header'])
}
return this.uploadXhr(xhr, file, form)
}
}
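Review bot: `setCsrf(xhr)` attaches the CSRF token to whatever `file.postAction` points at, with no check that the target is same-origin. Where `postAction` is built is not visible in this hunk; if it can ever be an absolute URL for another host, the token read from this origin's cookies would be disclosed to that host. The cookie and header names match Django's defaults, and Django's documentation recommends sending the header only on same-origin requests. A guard such as `if (new URL(file.postAction, window.location.href).origin === window.location.origin) setCsrf(xhr)` keeps that property.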
......
......@@ -39,7 +39,10 @@ export default {
apiSettings: {
url: this.$store.getters['instance/absoluteUrl']('/api/v1/tags/?name__startswith={query}&ordering=length&page_size=5'),
beforeXHR: function (xhrObject) {
xhrObject.setRequestHeader('Authorization', self.$store.getters['auth/header'])
if (self.$store.state.auth.oauth.accessToken) {
xhrObject.setRequestHeader('Authorization', self.$store.getters['auth/header'])
}
return xhrObject
},
onResponse(response) {
......
......@@ -114,7 +114,9 @@ export default {
settings.apiSettings = {
url: self.$store.getters['instance/absoluteUrl'](f.autocomplete + '?' + f.autocomplete_qs),
beforeXHR: function (xhrObject) {
xhrObject.setRequestHeader('Authorization', self.$store.getters['auth/header'])
if (self.$store.state.auth.oauth.accessToken) {
xhrObject.setRequestHeader('Authorization', self.$store.getters['auth/header'])
}
return xhrObject
},
onResponse: function (initialResponse) {
......
......@@ -33,3 +33,15 @@ export function parseAPIErrors(responseData, parentField) {
}
return errors
}
export function getCookie(name) {
return document.cookie
.split('; ')
.find(row => row.startsWith(name))
.split('=')[1];
}
export function setCsrf(xhr) {
if (getCookie('csrftoken')) {
xhr.setRequestHeader('X-CSRFToken', getCookie('csrftoken'))
}
}
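Review bot: `getCookie` throws a TypeError when no cookie matches, because `.find()` returns `undefined` and the chained `.split('=')` is then called on it. `setCsrf` calls it unguarded, so the upload component's `setCsrf(xhr)` in this commit fails before the request is sent whenever the `csrftoken` cookie is absent. `row.startsWith(name)` also accepts any cookie whose name merely begins with `csrftoken`, so an unrelated cookie's value could be sent as the token, and `.split('=')[1]` truncates a value that contains `=`. Matching on the name plus `=` and slicing after that prefix addresses all three, and reading the cookie once in `setCsrf` avoids parsing `document.cookie` twice.
```javascript
export function getCookie(name) {
  const prefix = name + '='
  const row = document.cookie
    .split('; ')
    .find(row => row.startsWith(prefix))
  // undefined when the cookie is absent, so callers can test the result
  return row === undefined ? undefined : row.slice(prefix.length)
}
export function setCsrf(xhr) {
  const token = getCookie('csrftoken')
  if (token) {
    xhr.setRequestHeader('X-CSRFToken', token)
  }
}
```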