Mirrors/Stirling-PDF
Mirrors/Stirling-PDF
1
0
Fork 0
mirror of https://github.com/Frooodle/Stirling-PDF.git synced 2025-11-01 01:21:18 +01:00
Code Issues Packages Projects Releases Wiki Activity

csrf fixes

Browse Source
This commit is contained in:
Anthony Stirling 2024-12-14 10:42:07 +00:00
parent 24717dde19
commit 1f1c414138
7 changed files with 7 additions and 8 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

2
src/main/resources/static/js/downloader.js
View File

@ -140,7 +140,7 @@
let errorMessage = null; let errorMessage = null;
try { try {
const response = await fetch(url, {method: 'POST', body: formData}); const response = await window.fetchWithCsrf(url, {method: 'POST', body: formData});
const contentType = response.headers.get('content-type'); const contentType = response.headers.get('content-type');
if (!response.ok) { if (!response.ok) {

1
src/main/resources/static/js/fetch-utils.js
View File

@ -8,7 +8,6 @@ window.fetchWithCsrf = async function(url, options = {}) {
if (cookieValue) { if (cookieValue) {
return cookieValue; return cookieValue;
} }
const csrfElement = document.querySelector('input[name="_csrf"]'); const csrfElement = document.querySelector('input[name="_csrf"]');
return csrfElement ? csrfElement.value : null; return csrfElement ? csrfElement.value : null;
} }

4
src/main/resources/templates/account.html
View File

@ -196,7 +196,7 @@
/*<![CDATA[*/ /*<![CDATA[*/
const urlGetApiKey = /*[[@{/api/v1/user/get-api-key}]]*/ "/api/v1/user/get-api-key"; const urlGetApiKey = /*[[@{/api/v1/user/get-api-key}]]*/ "/api/v1/user/get-api-key";
/*]]>*/ /*]]>*/
let response = await fetch(urlGetApiKey, { method: 'POST' }); let response = await window.fetchWithCsrf(urlGetApiKey, { method: 'POST' });
if (response.status === 200) { if (response.status === 200) {
let apiKey = await response.text(); let apiKey = await response.text();
manageUIState(apiKey); manageUIState(apiKey);
@ -213,7 +213,7 @@
/*<![CDATA[*/ /*<![CDATA[*/
const urlUpdateApiKey = /*[[@{/api/v1/user/update-api-key}]]*/ "/api/v1/user/update-api-key"; const urlUpdateApiKey = /*[[@{/api/v1/user/update-api-key}]]*/ "/api/v1/user/update-api-key";
/*]]>*/ /*]]>*/
let response = await fetch(urlUpdateApiKey, { method: 'POST' }); let response = await window.fetchWithCsrf(urlUpdateApiKey, { method: 'POST' });
if (response.status === 200) { if (response.status === 200) {
let apiKey = await response.text(); let apiKey = await response.text();
manageUIState(apiKey); manageUIState(apiKey);

2
src/main/resources/templates/fragments/common.html
View File

@ -24,7 +24,7 @@
<script> <script>
window.stirlingPDF = window.stirlingPDF || {}; window.stirlingPDF = window.stirlingPDF || {};
</script> </script>
<script th:src="@{'/js/fetch-utils.js'}"></script>
<!-- jQuery --> <!-- jQuery -->
<script th:src="@{'/js/thirdParty/jquery.min.js'}"></script> <script th:src="@{'/js/thirdParty/jquery.min.js'}"></script>
<script th:src="@{'/js/thirdParty/jquery.validate.min.js'}"></script> <script th:src="@{'/js/thirdParty/jquery.validate.min.js'}"></script>

2
src/main/resources/templates/fragments/navbar.html
View File

@ -14,6 +14,7 @@
</script> </script>
<script th:src="@{'/js/homecard.js'}"></script> <script th:src="@{'/js/homecard.js'}"></script>
<script th:src="@{'/js/githubVersion.js'}"></script> <script th:src="@{'/js/githubVersion.js'}"></script>
<form th:action="@{'/dummyFormToPopulateCSRF'}" method="post" enctype="multipart/form-data"></form>
<nav class="navbar navbar-expand-xl"> <nav class="navbar navbar-expand-xl">
<div class="container "> <div class="container ">
<a class="navbar-brand" th:href="@{'/'}" style="display: flex;"> <a class="navbar-brand" th:href="@{'/'}" style="display: flex;">
@ -376,7 +377,6 @@
<span class="go-pro-badge" th:text="#{enterpriseEdition.button}"></span> <span class="go-pro-badge" th:text="#{enterpriseEdition.button}"></span>
</a> </a>
</li> </li>
<li class="nav-item"> <li class="nav-item">
<!-- Settings Button --> <!-- Settings Button -->
<a href="#" class="nav-link" data-bs-toggle="modal" data-bs-target="#settingsModal" th:title="#{navbar.settings}"> <a href="#" class="nav-link" data-bs-toggle="modal" data-bs-target="#settingsModal" th:title="#{navbar.settings}">

2
src/main/resources/templates/misc/remove-annotations.html
View File

@ -38,7 +38,7 @@
const processFile = async (file) => { const processFile = async (file) => {
const origFileUrl = URL.createObjectURL(file); const origFileUrl = URL.createObjectURL(file);
const formPdfBytes = await fetch(origFileUrl).then(res => res.arrayBuffer()); const formPdfBytes = await window.fetchWithCsrf(origFileUrl).then(res => res.arrayBuffer());
const pdfDoc = await PDFDocument.load(formPdfBytes, { ignoreEncryption: true }); const pdfDoc = await PDFDocument.load(formPdfBytes, { ignoreEncryption: true });
const pages = pdfDoc.getPages(); const pages = pdfDoc.getPages();

2
src/main/resources/templates/security/validate-signature.html
View File

@ -102,7 +102,7 @@ document.querySelector('#pdfForm').addEventListener('submit', async (e) => {
formData.append('certFile', certInput.files[0]); formData.append('certFile', certInput.files[0]);
} }
try { try {
const response = await fetch(e.target.action, { const response = await window.fetchWithCsrf(e.target.action, {
method: 'POST', method: 'POST',
body: formData body: formData
}); });