Merge pull request #454 from seanmorley15/csrf_error

Csrf error
2025-08-04 20:55:19 +02:00 · 2025-01-17 17:15:42 -05:00 · 2025-01-17 17:15:42 -05:00 · 6289c7e305
commit 6289c7e305
parent 5b4092ba6c 0cee4c386d
11 changed files with 32 additions and 18 deletions
--- a/frontend/src/lib/components/AdventureCard.svelte
+++ b/frontend/src/lib/components/AdventureCard.svelte
@ -60,11 +60,8 @@
 	}

 	async function deleteAdventure() {
-		let res = await fetch(`/adventures/${adventure.id}?/delete`, {
-			method: 'POST',
-			headers: {
-				'Content-Type': 'application/x-www-form-urlencoded'
-			}
+		let res = await fetch(`/api/adventures/${adventure.id}`, {
+			method: 'DELETE'
 		});
 		if (res.ok) {
 			addToast('info', $t('adventures.adventure_delete_success'));
--- a/frontend/src/routes/activities/+page.server.ts
+++ b/frontend/src/routes/activities/+page.server.ts
@ -37,7 +37,8 @@ export const actions: Actions = {
 			headers: {
 				'X-CSRFToken': csrfToken,
 				'Content-Type': 'application/json',
-				Cookie: `csrftoken=${csrfToken}`
+				Cookie: `csrftoken=${csrfToken}`,
+				Referer: event.url.origin // Include Referer header
 			}
 		});
 		console.log(res);
--- a/frontend/src/routes/adventures/+page.server.ts
+++ b/frontend/src/routes/adventures/+page.server.ts
@ -69,7 +69,8 @@ export const actions: Actions = {
 			method: 'POST',
 			headers: {
 				Cookie: `csrftoken=${csrfToken}; sessionid=${sessionId}`,
-				'X-CSRFToken': csrfToken
+				'X-CSRFToken': csrfToken,
+				Referer: event.url.origin // Include Referer header
 			},
 			body: formData
 		});
--- a/frontend/src/routes/adventures/[id]/+page.server.ts
+++ b/frontend/src/routes/adventures/[id]/+page.server.ts
@ -66,7 +66,9 @@ export const actions: Actions = {
 		let res = await fetch(`${serverEndpoint}/api/adventures/${event.params.id}`, {
 			method: 'DELETE',
 			headers: {
-				Cookie: `sessionid=${event.cookies.get('sessionid')}; csrftoken=${csrfToken}`,
+				Referer: event.url.origin, // Include Referer header
+				Cookie: `sessionid=${event.cookies.get('sessionid')};
+				csrftoken=${csrfToken}`,
 				'X-CSRFToken': csrfToken
 			},
 			credentials: 'include'
--- a/frontend/src/routes/collections/+page.server.ts
+++ b/frontend/src/routes/collections/+page.server.ts
@ -96,6 +96,7 @@ export const actions: Actions = {
 			method: 'POST',
 			headers: {
 				'X-CSRFToken': csrfToken,
+				Referer: event.url.origin, // Include Referer header
 				Cookie: `sessionid=${sessionid}; csrftoken=${csrfToken}`
 			},
 			body: formDataToSend
@ -174,9 +175,11 @@ export const actions: Actions = {
 			method: 'PATCH',
 			headers: {
 				'X-CSRFToken': csrfToken,
-				Cookie: `sessionid=${sessionId}; csrftoken=${csrfToken}`
+				Cookie: `sessionid=${sessionId}; csrftoken=${csrfToken}`,
+				Referer: event.url.origin // Include Referer header
 			},
 			body: formDataToSend,
+
 			credentials: 'include'
 		});

--- a/frontend/src/routes/collections/[id]/+page.server.ts
+++ b/frontend/src/routes/collections/[id]/+page.server.ts
@ -63,7 +63,8 @@ export const actions: Actions = {
 			headers: {
 				Cookie: `sessionid=${sessionId}; csrftoken=${csrfToken}`,
 				'Content-Type': 'application/json',
-				'X-CSRFToken': csrfToken
+				'X-CSRFToken': csrfToken,
+				Referer: event.url.origin // Include Referer header
 			},
 			credentials: 'include'
 		});
--- a/frontend/src/routes/login/+page.server.ts
+++ b/frontend/src/routes/login/+page.server.ts
@ -46,7 +46,8 @@ export const actions: Actions = {
 			headers: {
 				'X-CSRFToken': csrfToken,
 				'Content-Type': 'application/json',
-				Cookie: `csrftoken=${csrfToken}`
+				Cookie: `csrftoken=${csrfToken}`,
+				Referer: event.url.origin // Include Referer header
 			},
 			body: JSON.stringify({ username, password }),
 			credentials: 'include'
@ -73,7 +74,8 @@ export const actions: Actions = {
 						headers: {
 							'X-CSRFToken': csrfToken,
 							'Content-Type': 'application/json',
-							Cookie: `csrftoken=${csrfToken}; sessionid=${sessionId}`
+							Cookie: `csrftoken=${csrfToken}; sessionid=${sessionId}`,
+							Referer: event.url.origin // Include Referer header
 						},
 						body: JSON.stringify({ code: totp }),
 						credentials: 'include'
--- a/frontend/src/routes/signup/+page.server.ts
+++ b/frontend/src/routes/signup/+page.server.ts
@ -56,7 +56,8 @@ export const actions: Actions = {
 			headers: {
 				'X-CSRFToken': csrfToken,
 				'Content-Type': 'application/json',
-				Cookie: `csrftoken=${csrfToken}`
+				Cookie: `csrftoken=${csrfToken}`,
+				Referer: event.url.origin // Include Referer header
 			},
 			body: JSON.stringify({
 				username: username,
--- a/frontend/src/routes/user/reset-password/+page.server.ts
+++ b/frontend/src/routes/user/reset-password/+page.server.ts
@ -21,7 +21,8 @@ export const actions: Actions = {
 			headers: {
 				'Content-Type': 'application/json',
 				'X-CSRFToken': csrfToken,
-				Cookie: `csrftoken=${csrfToken}`
+				Cookie: `csrftoken=${csrfToken}`,
+				Referer: event.url.origin // Include Referer header
 			},
 			body: JSON.stringify({
 				email
--- a/frontend/src/routes/user/reset-password/[key]/+page.server.ts
+++ b/frontend/src/routes/user/reset-password/[key]/+page.server.ts
@ -35,7 +35,8 @@ export const actions: Actions = {
 				headers: {
 					'Content-Type': 'application/json',
 					Cookie: `csrftoken=${csrfToken}`,
-					'X-CSRFToken': csrfToken
+					'X-CSRFToken': csrfToken,
+					Referer: event.url.origin // Include Referer header
 				},
 				method: 'POST',
 				credentials: 'include',