Commit 006b22ab authored by Elouan Martinet's avatar Elouan Martinet

wip

parent 9ea81df0eb5d
Pipeline #87460 failed with stages
in 2 minutes and 4 seconds
......@@ -29,13 +29,13 @@ function getCookieValueFromString(cookiesString: string, name: string) {
return getCookieValueFromArray(cookies, name);
}
function hasCookiesSupport(): boolean {
return typeof document !== 'undefined' && typeof document.cookie !== 'undefined'
}
function getCookie(name: string) {
// When runnnig in node, document is not defined and we can't use cookies
if (
typeof document !== 'undefined' &&
document.cookie &&
document.cookie !== ''
) {
if (document.cookie !== '') {
return getCookieValueFromString(document.cookie, name);
}
return null;
......@@ -105,14 +105,32 @@ function doRequestFetch(
if (!uri.startsWith('http')) {
uri = 'http://' + uri;
}
if (method !== 'GET' && !allowsCrossOrigin) {
if (csrfToken === null) {
csrfToken = getCookie('csrf_token');
if (method !== 'GET') {
if (hasCookiesSupport()) {
if (!allowsCrossOrigin) {
if (csrfToken === null) {
csrfToken = getCookie('csrf_token');
}
// FIXME else throw an exception
} else {
// TODO implement CSRF for cross origin in a browser
// TODO probably do the same as in nodejs, although unsure if:
// TODO * check if Origin header is already sent
// TODO * csrf_token cookie is added in browser's own cookie jar
// TODO => still need to retrieve the cookie to add the token in a header
// TODO don't forget to throw an exception when csrf_token cookie is not sent
}
}
if (csrfToken !== null) {
headers.append('X-CSRF-Token', csrfToken);
else {
// TODO request base url, grab token, add csrf_token to cookie jar
// TODO throw an exception when csrf_token cookie is not returned by that request
// FIXME what about requestFetchWithCookies and cookie jar???
// TODO send Origin header on requests
}
}
if (csrfToken !== null) {
headers.append('X-CSRF-Token', csrfToken);
}
return fetch(uri, {
method: method,
body: content,
......
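Review bot: In the first hunk getCookie appears to lose its `typeof document !== 'undefined'` guard and keep only `if (document.cookie !== '')`, under a comment that still says document is not defined in Node, so any caller that does not check hasCookiesSupport() first would hit a ReferenceError there. Keeping the check inside the function, `if (hasCookiesSupport() && document.cookie !== '') {`, makes getCookie safe on its own. In doRequestFetch the same-origin browser branch still sends a non-GET request with no `X-CSRF-Token` when the `csrf_token` cookie is absent, which the FIXME acknowledges. Failing closed there, for example `if (csrfToken === null) throw new Error('csrf_token cookie not set');` in place of the FIXME, would surface the problem at the call site instead of relying on the server to reject it. The rendered page has lost its +/- markers and indentation, and doRequestFetch continues outside the hunk, so this reading of the new side should be confirmed against the file.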