Merge pull request #454 from seanmorley15/csrf_error
Csrf error
seanmorley15 authored Jan 17, 2025
2 parents 5b4092b + 0cee4c3 commit 6289c7e
Showing 11 changed files with 32 additions and 18 deletions.
10 changes: 7 additions & 3 deletions docker-compose-traefik.yaml
@@ -41,7 +41,9 @@ services:
- "traefik.http.routers.adventurelogweb.entrypoints=websecure"
- "traefik.http.routers.adventurelogweb.rule=Host(`yourdomain.com`) && !(PathPrefix(`/media`) || PathPrefix(`/admin`) || PathPrefix(`/static`))" # Replace with your domain
- "traefik.http.routers.adventurelogweb.tls=true"
- "traefik.http.routers.adventurelogweb.tls.certresolver=letsencrypt"
- "traefik.http.routers.adventurelogweb.tls.certresolver=letsencrypt"
depends_on:
- server

server:
image: ghcr.io/seanmorley15/adventurelog-backend:latest
@@ -64,9 +66,11 @@ services:
labels:
- "traefik.enable=true"
- "traefik.http.routers.adventurelogserver.entrypoints=websecure"
- "traefik.http.routers.adventurelogserver.rule=Host(`yourdomain.com`) && && (PathPrefix(`/media`) || PathPrefix(`/admin`) || PathPrefix(`/static`))" # Replace with your domain
- "traefik.http.routers.adventurelogserver.rule=Host(`yourdomain.com`) && (PathPrefix(`/media`) || PathPrefix(`/admin`) || PathPrefix(`/static`))" # Replace with your domain
- "traefik.http.routers.adventurelogserver.tls=true"
- "traefik.http.routers.adventurelogserver.tls.certresolver=letsencrypt"
- "traefik.http.routers.adventurelogserver.tls.certresolver=letsencrypt"
depends_on:
- db

volumes:
postgres-data:
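Review bot: The two `depends_on` entries added in these hunks use the short list form, which only orders container start and does not wait for the dependency to be ready, so the backend can still start before Postgres accepts connections. If the `db` service defines a healthcheck (not visible on this page), the long form with `condition: service_healthy` under `db:` would make the ordering meaningful. Separately, the corrected `adventurelogserver` rule still routes `/admin` through the public `websecure` entrypoint; that predates this commit, but a comment beside the rule such as `# /admin is internet-facing here; restrict it with an allow-list middleware if you do not need remote admin access` would help anyone copying this file.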
7 changes: 2 additions & 5 deletions frontend/src/lib/components/AdventureCard.svelte
@@ -60,11 +60,8 @@
}
async function deleteAdventure() {
let res = await fetch(`/adventures/${adventure.id}?/delete`, {
method: 'POST',
headers: {
'Content-Type': 'application/x-www-form-urlencoded'
}
let res = await fetch(`/api/adventures/${adventure.id}`, {
method: 'DELETE'
});
if (res.ok) {
addToast('info', $t('adventures.adventure_delete_success'));
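Review bot: The new browser-side call, `` fetch(`/api/adventures/${adventure.id}`, { method: 'DELETE' }) ``, carries no `X-CSRFToken` or `Referer` of its own, so whether the delete is accepted and how it is protected depends entirely on whatever serves `/api/...` on the frontend server, which is not shown on this page. It is worth confirming that handler attaches the token and Referer the same way the server actions patched in this commit do. The delete action in `adventures/[id]/+page.server.ts` is still being modified in this same commit, so there are now two delete paths to keep in sync unless that action is removed. `deleteAdventure` continues past the end of the hunk, so the handling of a non-ok response is not visible here.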
3 changes: 2 additions & 1 deletion frontend/src/routes/activities/+page.server.ts
@@ -37,7 +37,8 @@ export const actions: Actions = {
headers: {
'X-CSRFToken': csrfToken,
'Content-Type': 'application/json',
Cookie: `csrftoken=${csrfToken}`
Cookie: `csrftoken=${csrfToken}`,
Referer: event.url.origin // Include Referer header
}
});
console.log(res);
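Review bot: The `Referer` added to this headers object is synthesized from `event.url.origin` rather than forwarded from the browser request, so the backend's Referer check (presumably Django's CSRF middleware, given the `csrftoken`/`X-CSRFToken` names) is satisfied by a value the frontend supplies itself and no longer says anything about where the browser request came from. Cross-site protection for these actions therefore rests on the SvelteKit side rejecting foreign origins before this fetch, and on `event.url.origin` coming from fixed deployment configuration rather than the inbound Host header; neither is visible in the hunk. The comment `// Include Referer header` restates the code; something like `// Backend CSRF check needs a Referer on HTTPS; this is a server-to-server call, so origin validation must already have happened here` would record the reason. The same line is added in the adventures, adventures/[id], collections, collections/[id], login, signup and reset-password sections and in the last section on the page (its file header is not shown), so a shared helper that builds these headers would keep them consistent. The enclosing action starts and ends outside the hunk.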
3 changes: 2 additions & 1 deletion frontend/src/routes/adventures/+page.server.ts
@@ -69,7 +69,8 @@ export const actions: Actions = {
method: 'POST',
headers: {
Cookie: `csrftoken=${csrfToken}; sessionid=${sessionId}`,
'X-CSRFToken': csrfToken
'X-CSRFToken': csrfToken,
Referer: event.url.origin // Include Referer header
},
body: formData
});
4 changes: 3 additions & 1 deletion frontend/src/routes/adventures/[id]/+page.server.ts
@@ -66,7 +66,9 @@ export const actions: Actions = {
let res = await fetch(`${serverEndpoint}/api/adventures/${event.params.id}`, {
method: 'DELETE',
headers: {
Cookie: `sessionid=${event.cookies.get('sessionid')}; csrftoken=${csrfToken}`,
Referer: event.url.origin, // Include Referer header
Cookie: `sessionid=${event.cookies.get('sessionid')};
csrftoken=${csrfToken}`,
'X-CSRFToken': csrfToken
},
credentials: 'include'
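Review bot: The `Cookie` value on the new side is a template literal broken across two lines, so the header value contains a raw newline plus whatever indentation precedes `csrftoken=`. Fetch implementations reject header values that contain a line feed, so this DELETE would be expected to throw before it is sent instead of reaching the backend. Keep the literal on one line, `` Cookie: `sessionid=${event.cookies.get('sessionid')}; csrftoken=${csrfToken}`, ``, or assemble it from parts with `join('; ')`. The enclosing action begins and ends outside the hunk.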
5 changes: 4 additions & 1 deletion frontend/src/routes/collections/+page.server.ts
@@ -96,6 +96,7 @@ export const actions: Actions = {
method: 'POST',
headers: {
'X-CSRFToken': csrfToken,
Referer: event.url.origin, // Include Referer header
Cookie: `sessionid=${sessionid}; csrftoken=${csrfToken}`
},
body: formDataToSend
@@ -174,9 +175,11 @@ export const actions: Actions = {
method: 'PATCH',
headers: {
'X-CSRFToken': csrfToken,
Cookie: `sessionid=${sessionId}; csrftoken=${csrfToken}`
Cookie: `sessionid=${sessionId}; csrftoken=${csrfToken}`,
Referer: event.url.origin // Include Referer header
},
body: formDataToSend,

credentials: 'include'
});

3 changes: 2 additions & 1 deletion frontend/src/routes/collections/[id]/+page.server.ts
@@ -63,7 +63,8 @@ export const actions: Actions = {
headers: {
Cookie: `sessionid=${sessionId}; csrftoken=${csrfToken}`,
'Content-Type': 'application/json',
'X-CSRFToken': csrfToken
'X-CSRFToken': csrfToken,
Referer: event.url.origin // Include Referer header
},
credentials: 'include'
});
6 changes: 4 additions & 2 deletions frontend/src/routes/login/+page.server.ts
@@ -46,7 +46,8 @@ export const actions: Actions = {
headers: {
'X-CSRFToken': csrfToken,
'Content-Type': 'application/json',
Cookie: `csrftoken=${csrfToken}`
Cookie: `csrftoken=${csrfToken}`,
Referer: event.url.origin // Include Referer header
},
body: JSON.stringify({ username, password }),
credentials: 'include'
@@ -73,7 +74,8 @@ export const actions: Actions = {
headers: {
'X-CSRFToken': csrfToken,
'Content-Type': 'application/json',
Cookie: `csrftoken=${csrfToken}; sessionid=${sessionId}`
Cookie: `csrftoken=${csrfToken}; sessionid=${sessionId}`,
Referer: event.url.origin // Include Referer header
},
body: JSON.stringify({ code: totp }),
credentials: 'include'
3 changes: 2 additions & 1 deletion frontend/src/routes/signup/+page.server.ts
@@ -56,7 +56,8 @@ export const actions: Actions = {
headers: {
'X-CSRFToken': csrfToken,
'Content-Type': 'application/json',
Cookie: `csrftoken=${csrfToken}`
Cookie: `csrftoken=${csrfToken}`,
Referer: event.url.origin // Include Referer header
},
body: JSON.stringify({
username: username,
3 changes: 2 additions & 1 deletion frontend/src/routes/user/reset-password/+page.server.ts
@@ -21,7 +21,8 @@ export const actions: Actions = {
headers: {
'Content-Type': 'application/json',
'X-CSRFToken': csrfToken,
Cookie: `csrftoken=${csrfToken}`
Cookie: `csrftoken=${csrfToken}`,
Referer: event.url.origin // Include Referer header
},
body: JSON.stringify({
email
@@ -35,7 +35,8 @@ export const actions: Actions = {
headers: {
'Content-Type': 'application/json',
Cookie: `csrftoken=${csrfToken}`,
'X-CSRFToken': csrfToken
'X-CSRFToken': csrfToken,
Referer: event.url.origin // Include Referer header
},
method: 'POST',
credentials: 'include',