csrf fixes (#2647)
# Description Please provide a summary of the changes, including relevant motivation and context. Closes #(issue_number) ## Checklist - [ ] I have read the [Contribution Guidelines](https://github.com/Stirling-Tools/Stirling-PDF/blob/main/CONTRIBUTING.md) - [ ] I have performed a self-review of my own code - [ ] I have attached images of the change if it is UI based - [ ] I have commented my code, particularly in hard-to-understand areas - [ ] If my code has heavily changed functionality I have updated relevant docs on [Stirling-PDFs doc repo](https://github.com/Stirling-Tools/Stirling-Tools.github.io/blob/main/docs/) - [ ] My changes generate no new warnings - [ ] I have read the section [Add New Translation Tags](https://github.com/Stirling-Tools/Stirling-PDF/blob/main/HowToAddNewLanguage.md#add-new-translation-tags) (for new translation tags only)
This commit is contained in:
parent
ad50e90a03
commit
f8e1ce6a7b
37
src/main/resources/static/js/csrf.js
Normal file
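--- /dev/null
+++ b/src/main/resources/static/js/csrf.js
@@ -0,0 +1,37 @@
+document.addEventListener('DOMContentLoaded', function() {
+// Get CSRF token from cookie
+const getCsrfToken = () => {
+return document.cookie
+.split('; ')
+.find(row => row.startsWith('XSRF-TOKEN='))
+?.split('=')[1];
+};
+
+// Function to decode the URI-encoded cookie value
+const decodeCsrfToken = (token) => {
+if (token) {
+return decodeURIComponent(token);
+}
+return null;
+};
+
+// Find all forms and add CSRF token
+const forms = document.querySelectorAll('form');
+const csrfToken = decodeCsrfToken(getCsrfToken());
+
+// Only proceed if we have a cookie-based token
+if (csrfToken) {
+forms.forEach(form => {
+// Only now remove existing CSRF input fields since we have a new token
+const existingCsrfInputs = form.querySelectorAll('input[name="_csrf"]');
+existingCsrfInputs.forEach(input => input.remove());
+
+// Create and add new CSRF input field
+const csrfInput = document.createElement('input');
+csrfInput.type = 'hidden';
+csrfInput.name = '_csrf';
+csrfInput.value = csrfToken;
+form.appendChild(csrfInput);
+});
+}
+});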
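Review bot: The hidden `_csrf` input is appended to every form matched by `document.querySelectorAll('form')`, including forms whose method is GET, which puts the token into the query string where it ends up in browser history, server access logs and Referer headers; the `forms.forEach` callback should start with `if (form.method === 'get') return;`. Separately, `?.split('=')[1]` in getCsrfToken keeps only the part before a second `=`, so a cookie value containing `=` would be truncated; `row.slice('XSRF-TOKEN='.length)` returns the full value. The token is also read and injected only once at DOMContentLoaded, so forms inserted later get no `_csrf` field — if that is intended, a comment at the top of the listener such as `// Runs once on load; forms added dynamically must carry their own _csrf input` would save the next maintainer a debugging session.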
@ -73,6 +73,7 @@
|
|||||||
<script th:src="@{'/js/cacheFormInputs.js'}" th:if="${currentPage != 'home'}"></script>
|
<script th:src="@{'/js/cacheFormInputs.js'}" th:if="${currentPage != 'home'}"></script>
|
||||||
<script th:src="@{'/js/tab-container.js'}"></script>
|
<script th:src="@{'/js/tab-container.js'}"></script>
|
||||||
<script th:src="@{'/js/darkmode.js'}"></script>
|
<script th:src="@{'/js/darkmode.js'}"></script>
|
||||||
|
<script th:src="@{'/js/csrf.js'}"></script>
|
||||||
<script th:inline="javascript">
|
<script th:inline="javascript">
|
||||||
const stirlingPDFLabel = /*[[${@StirlingPDFLabel}]]*/ '';
|
const stirlingPDFLabel = /*[[${@StirlingPDFLabel}]]*/ '';
|
||||||
const analyticsEnabled = /*[[${@analyticsEnabled}]]*/ false;
|
const analyticsEnabled = /*[[${@analyticsEnabled}]]*/ false;
|
||||||
|