fix: include Referer header in user-related API requests

seanmorley15 · Jan 18, 2025 · 1a7643b · 1a7643b
1 parent 75162bb
commit 1a7643b
Showing 1 changed file with 6 additions and 1 deletion.
diff --git a/frontend/src/routes/settings/+page.server.ts b/frontend/src/routes/settings/+page.server.ts
@@ -107,7 +107,8 @@ export const actions: Actions = {
 
 			const resCurrent = await fetch(`${endpoint}/auth/user-metadata/`, {
 				headers: {
-					Cookie: `sessionid=${sessionId}`
+					Cookie: `sessionid=${sessionId}`,
+					Referer: event.url.origin // Include Referer header
 				}
 			});
 
@@ -158,6 +159,7 @@ export const actions: Actions = {
 			let res = await fetch(`${endpoint}/auth/update-user/`, {
 				method: 'PATCH',
 				headers: {
+					Referer: event.url.origin, // Include Referer header
 					Cookie: `sessionid=${sessionId}; csrftoken=${csrfToken}`,
 					'X-CSRFToken': csrfToken
 				},
@@ -209,6 +211,7 @@ export const actions: Actions = {
 			let res = await fetch(`${endpoint}/_allauth/browser/v1/account/password/change`, {
 				method: 'POST',
 				headers: {
+					Referer: event.url.origin, // Include Referer header
 					Cookie: `sessionid=${sessionId}; csrftoken=${csrfToken}`,
 					'X-CSRFToken': csrfToken,
 					'Content-Type': 'application/json'
@@ -226,6 +229,7 @@ export const actions: Actions = {
 			let res = await fetch(`${endpoint}/_allauth/browser/v1/account/password/change`, {
 				method: 'POST',
 				headers: {
+					Referer: event.url.origin, // Include Referer header
 					Cookie: `sessionid=${sessionId}; csrftoken=${csrfToken}`,
 					'X-CSRFToken': csrfToken,
 					'Content-Type': 'application/json'
@@ -258,6 +262,7 @@ export const actions: Actions = {
 			let res = await fetch(`${endpoint}/auth/change-email/`, {
 				method: 'POST',
 				headers: {
+					Referer: event.url.origin, // Include Referer header
 					Cookie: `sessionid=${sessionId}; csrftoken=${csrfToken}`,
 					'Content-Type': 'application/json',
 					'X-CSRFToken': csrfToken