NeoAnd/netbox
1
0
Fork 0
mirror of https://github.com/netbox-community/netbox.git synced 2025-07-15 11:42:52 -06:00
Code Issues Actions 8 Packages Projects Releases Wiki Activity

#101700 change csrf token access

Browse Source
This commit is contained in:
Arthur 2022-08-29 14:40:03 -07:00
parent 249b8b0363
commit c12e545ccd
12 changed files with 6 additions and 20 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

BIN
netbox/project-static/dist/config.js vendored
View File

Binary file not shown.

BIN
netbox/project-static/dist/config.js.map vendored
View File

Binary file not shown.

BIN
netbox/project-static/dist/lldp.js vendored
View File

Binary file not shown.

BIN
netbox/project-static/dist/lldp.js.map vendored
View File

Binary file not shown.

BIN
netbox/project-static/dist/netbox.js vendored
View File

Binary file not shown.

BIN
netbox/project-static/dist/netbox.js.map vendored
View File

Binary file not shown.

BIN
netbox/project-static/dist/status.js vendored
View File

Binary file not shown.

BIN
netbox/project-static/dist/status.js.map vendored
View File

Binary file not shown.

1
netbox/project-static/package.json
View File

@ -27,7 +27,6 @@
"bootstrap": "~5.0.2", "bootstrap": "~5.0.2",
"clipboard": "^2.0.8", "clipboard": "^2.0.8",
"color2k": "^1.2.4", "color2k": "^1.2.4",
"cookie": "^0.4.1",
"dayjs": "^1.10.4", "dayjs": "^1.10.4",
"flatpickr": "4.6.3", "flatpickr": "4.6.3",
"htmx.org": "^1.6.1", "htmx.org": "^1.6.1",

19
netbox/project-static/src/util.ts
View File

@ -1,9 +1,11 @@
import Cookie from 'cookie';
type Method = 'GET' | 'POST' | 'PATCH' | 'PUT' | 'DELETE'; type Method = 'GET' | 'POST' | 'PATCH' | 'PUT' | 'DELETE';
type ReqData = URLSearchParams | Dict | undefined | unknown; type ReqData = URLSearchParams | Dict | undefined | unknown;
type SelectedOption = { name: string; options: string[] }; type SelectedOption = { name: string; options: string[] };
declare global {
interface Window { CSRF_TOKEN: any; }
}
/** /**
* Infer valid HTMLElement props based on element name. * Infer valid HTMLElement props based on element name.
*/ */
@ -93,23 +95,12 @@ export function isElement(obj: Element | null | undefined): obj is Element {
return typeof obj !== null && typeof obj !== 'undefined'; return typeof obj !== null && typeof obj !== 'undefined';
} }
/**
* Retrieve the CSRF token from cookie storage.
*/
function getCsrfToken(): string {
const { csrftoken: csrfToken } = Cookie.parse(document.cookie);
if (typeof csrfToken === 'undefined') {
throw new Error('Invalid or missing CSRF token');
}
return csrfToken;
}
export async function apiRequest<R extends Dict, D extends ReqData = undefined>( export async function apiRequest<R extends Dict, D extends ReqData = undefined>(
url: string, url: string,
method: Method, method: Method,
data?: D, data?: D,
): Promise<APIResponse<R>> { ): Promise<APIResponse<R>> {
const token = getCsrfToken(); const token = window.CSRF_TOKEN;
const headers = new Headers({ 'X-CSRFToken': token }); const headers = new Headers({ 'X-CSRFToken': token });
let body; let body;

5
netbox/project-static/yarn.lock
View File

@ -737,11 +737,6 @@ configstore@^3.0.0:
write-file-atomic "^2.0.0" write-file-atomic "^2.0.0"
xdg-basedir "^3.0.0" xdg-basedir "^3.0.0"
cookie@^0.4.1:
version "0.4.1"
resolved "https://registry.yarnpkg.com/cookie/-/cookie-0.4.1.tgz#afd713fe26ebd21ba95ceb61f9a8116e50a537d1"
integrity sha512-ZwrFkGJxUR3EIoXtO+yVE69Eb7KlixbaeAWfBQB9vVsNn/o+Yw69gBWSSDK825hQNdN+wF8zELf3dFNl/kxkUA==
copy-to-clipboard@^3.2.0: copy-to-clipboard@^3.2.0:
version "3.3.1" version "3.3.1"
resolved "https://registry.yarnpkg.com/copy-to-clipboard/-/copy-to-clipboard-3.3.1.tgz#115aa1a9998ffab6196f93076ad6da3b913662ae" resolved "https://registry.yarnpkg.com/copy-to-clipboard/-/copy-to-clipboard-3.3.1.tgz#115aa1a9998ffab6196f93076ad6da3b913662ae"

1
netbox/templates/base/base.html
View File

@ -99,6 +99,7 @@
} }
return setMode("light", true); return setMode("light", true);
})(); })();
window.CSRF_TOKEN = "{{ csrf_token }}";
</script> </script>
{# Static resources #} {# Static resources #}