Mirrors/Stirling-PDF
Mirrors/Stirling-PDF
1
0
Fork 0
mirror of https://github.com/Frooodle/Stirling-PDF.git synced 2025-11-01 01:21:18 +01:00
Code Issues Packages Projects Releases Wiki Activity

csrf fixes (#2647)

Browse Source 
# Description

Please provide a summary of the changes, including relevant motivation
and context.

Closes #(issue_number)

## Checklist

- [ ] I have read the [Contribution
Guidelines](https://github.com/Stirling-Tools/Stirling-PDF/blob/main/CONTRIBUTING.md)
- [ ] I have performed a self-review of my own code
- [ ] I have attached images of the change if it is UI based
- [ ] I have commented my code, particularly in hard-to-understand areas
- [ ] If my code has heavily changed functionality I have updated
relevant docs on [Stirling-PDFs doc
repo](https://github.com/Stirling-Tools/Stirling-Tools.github.io/blob/main/docs/)
- [ ] My changes generate no new warnings
- [ ] I have read the section [Add New Translation
Tags](https://github.com/Stirling-Tools/Stirling-PDF/blob/main/HowToAddNewLanguage.md#add-new-translation-tags)
(for new translation tags only)
This commit is contained in:
Anthony Stirling 2025-01-08 17:10:34 +00:00 committed by GitHub
parent ad50e90a03
commit f8e1ce6a7b
No known key found for this signature in database
GPG Key ID: B5690EEEBB952194
2 changed files with 38 additions and 0 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

37
src/main/resources/static/js/csrf.js Normal file
View File

@ -0,0 +1,37 @@
document.addEventListener('DOMContentLoaded', function() {
// Get CSRF token from cookie
const getCsrfToken = () => {
return document.cookie
.split('; ')
.find(row => row.startsWith('XSRF-TOKEN='))
?.split('=')[1];
};
// Function to decode the URI-encoded cookie value
const decodeCsrfToken = (token) => {
if (token) {
return decodeURIComponent(token);
}
return null;
};
// Find all forms and add CSRF token
const forms = document.querySelectorAll('form');
const csrfToken = decodeCsrfToken(getCsrfToken());
// Only proceed if we have a cookie-based token
if (csrfToken) {
forms.forEach(form => {
// Only now remove existing CSRF input fields since we have a new token
const existingCsrfInputs = form.querySelectorAll('input[name="_csrf"]');
existingCsrfInputs.forEach(input => input.remove());
// Create and add new CSRF input field
const csrfInput = document.createElement('input');
csrfInput.type = 'hidden';
csrfInput.name = '_csrf';
csrfInput.value = csrfToken;
form.appendChild(csrfInput);
});
}
});

1
src/main/resources/templates/fragments/common.html
View File

@ -73,6 +73,7 @@
<script th:src="@{'/js/cacheFormInputs.js'}" th:if="${currentPage != 'home'}"></script> <script th:src="@{'/js/cacheFormInputs.js'}" th:if="${currentPage != 'home'}"></script>
<script th:src="@{'/js/tab-container.js'}"></script> <script th:src="@{'/js/tab-container.js'}"></script>
<script th:src="@{'/js/darkmode.js'}"></script> <script th:src="@{'/js/darkmode.js'}"></script>
<script th:src="@{'/js/csrf.js'}"></script>
<script th:inline="javascript"> <script th:inline="javascript">
const stirlingPDFLabel = /*[[${@StirlingPDFLabel}]]*/ ''; const stirlingPDFLabel = /*[[${@StirlingPDFLabel}]]*/ '';
const analyticsEnabled = /*[[${@analyticsEnabled}]]*/ false; const analyticsEnabled = /*[[${@analyticsEnabled}]]*/ false;