From c98cd8117fa5cf59a1c1d7a0d6c1c375b7e31843 Mon Sep 17 00:00:00 2001
From: Reece Browne <reecebrowne1995@gmail.com>
Date: Thu, 12 Dec 2024 13:07:50 +0000
Subject: [PATCH] CSRF token for decryption

---
 src/main/resources/static/js/DecryptFiles.js | 15 +++++++++++++++
 1 file changed, 15 insertions(+)

diff --git a/src/main/resources/static/js/DecryptFiles.js b/src/main/resources/static/js/DecryptFiles.js
index b2dbcac4..a06687b1 100644
--- a/src/main/resources/static/js/DecryptFiles.js
+++ b/src/main/resources/static/js/DecryptFiles.js
@@ -1,6 +1,20 @@
 export class DecryptFile {
   async decryptFile(file, requiresPassword) {
     try {
+      async function getCsrfToken() {
+        const cookieValue = document.cookie
+          .split('; ')
+          .find((row) => row.startsWith('XSRF-TOKEN='))
+          ?.split('=')[1];
+
+        if (cookieValue) {
+          return cookieValue;
+        }
+
+        const csrfElement = document.querySelector('input[name="_csrf"]');
+        return csrfElement ? csrfElement.value : null;
+      }
+      const csrfToken = await getCsrfToken();
       const formData = new FormData();
       formData.append('fileInput', file);
       if (requiresPassword) {
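Review bot: The cookie lookup in `getCsrfToken` takes `?.split('=')[1]`, which truncates a token whose value itself contains `=` and returns it without URL-decoding. Something like `?.slice('XSRF-TOKEN='.length)` wrapped in `decodeURIComponent(...)` would keep the full value. The fallback reads `input[name="_csrf"]`, but the later hunk still sends that value as `X-XSRF-TOKEN`; whether the server accepts a form-field token under that header name is not visible here and should be confirmed. The helper is also declared `async` although it awaits nothing, and it is redefined inside the `try` on every call, so a plain module-level function would read more simply. `decryptFile` continues outside this hunk.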
@@ -29,6 +43,7 @@ export class DecryptFile {
       const response = await fetch('/api/v1/security/remove-password', {
         method: 'POST',
         body: formData,
+        headers: csrfToken ? {'X-XSRF-TOKEN': csrfToken} : undefined,
       });
 
       if (response.ok) {
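Review bot: When `getCsrfToken()` returns null, this `fetch` is still sent with no token, so with CSRF protection enabled the server will presumably answer 403. The branch that follows `if (response.ok)` is outside the hunk; if it reports every non-OK status as a wrong password or decryption failure, a rejected token would be misreported to the user. Consider handling `response.status === 403` separately there, and documenting the intent next to the `headers` line with a comment such as `// no token found: request is sent unprotected, expected only when CSRF is disabled server-side`.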