Docker/AdventureLog
Docker/AdventureLog
1
0
Fork 0
mirror of https://github.com/seanmorley15/AdventureLog.git synced 2025-08-04 20:55:19 +02:00
Code Issues Releases Activity

Merge pull request #454 from seanmorley15/csrf_error

Browse source 
Csrf error
This commit is contained in:
Sean Morley 2025-01-17 17:15:42 -05:00 committed by GitHub
commit 6289c7e305
No known key found for this signature in database
GPG key ID: B5690EEEBB952194
11 changed files with 32 additions and 18 deletions
Download patch file Download diff file Expand all files Collapse all files

6
docker-compose-traefik.yaml
View file

@ -42,6 +42,8 @@ services:
- "traefik.http.routers.adventurelogweb.rule=Host(`yourdomain.com`) && !(PathPrefix(`/media`) || PathPrefix(`/admin`) || PathPrefix(`/static`))" # Replace with your domain - "traefik.http.routers.adventurelogweb.rule=Host(`yourdomain.com`) && !(PathPrefix(`/media`) || PathPrefix(`/admin`) || PathPrefix(`/static`))" # Replace with your domain
- "traefik.http.routers.adventurelogweb.tls=true" - "traefik.http.routers.adventurelogweb.tls=true"
- "traefik.http.routers.adventurelogweb.tls.certresolver=letsencrypt" - "traefik.http.routers.adventurelogweb.tls.certresolver=letsencrypt"
depends_on:
- server
server: server:
image: ghcr.io/seanmorley15/adventurelog-backend:latest image: ghcr.io/seanmorley15/adventurelog-backend:latest
@ -64,9 +66,11 @@ services:
labels: labels:
- "traefik.enable=true" - "traefik.enable=true"
- "traefik.http.routers.adventurelogserver.entrypoints=websecure" - "traefik.http.routers.adventurelogserver.entrypoints=websecure"
- "traefik.http.routers.adventurelogserver.rule=Host(`yourdomain.com`) && && (PathPrefix(`/media`) || PathPrefix(`/admin`) || PathPrefix(`/static`))" # Replace with your domain - "traefik.http.routers.adventurelogserver.rule=Host(`yourdomain.com`) && (PathPrefix(`/media`) || PathPrefix(`/admin`) || PathPrefix(`/static`))" # Replace with your domain
- "traefik.http.routers.adventurelogserver.tls=true" - "traefik.http.routers.adventurelogserver.tls=true"
- "traefik.http.routers.adventurelogserver.tls.certresolver=letsencrypt" - "traefik.http.routers.adventurelogserver.tls.certresolver=letsencrypt"
depends_on:
- db
volumes: volumes:
postgres-data: postgres-data:

7
frontend/src/lib/components/AdventureCard.svelte
View file

@ -60,11 +60,8 @@
} }
async function deleteAdventure() { async function deleteAdventure() {
let res = await fetch(`/adventures/${adventure.id}?/delete`, { let res = await fetch(`/api/adventures/${adventure.id}`, {
method: 'POST', method: 'DELETE'
headers: {
'Content-Type': 'application/x-www-form-urlencoded'
}
}); });
if (res.ok) { if (res.ok) {
addToast('info', $t('adventures.adventure_delete_success')); addToast('info', $t('adventures.adventure_delete_success'));

3
frontend/src/routes/activities/+page.server.ts
View file

@ -37,7 +37,8 @@ export const actions: Actions = {
headers: { headers: {
'X-CSRFToken': csrfToken, 'X-CSRFToken': csrfToken,
'Content-Type': 'application/json', 'Content-Type': 'application/json',
Cookie: `csrftoken=${csrfToken}` Cookie: `csrftoken=${csrfToken}`,
Referer: event.url.origin // Include Referer header
} }
}); });
console.log(res); console.log(res);

3
frontend/src/routes/adventures/+page.server.ts
View file

@ -69,7 +69,8 @@ export const actions: Actions = {
method: 'POST', method: 'POST',
headers: { headers: {
Cookie: `csrftoken=${csrfToken}; sessionid=${sessionId}`, Cookie: `csrftoken=${csrfToken}; sessionid=${sessionId}`,
'X-CSRFToken': csrfToken 'X-CSRFToken': csrfToken,
Referer: event.url.origin // Include Referer header
}, },
body: formData body: formData
}); });

4
frontend/src/routes/adventures/[id]/+page.server.ts
View file

@ -66,7 +66,9 @@ export const actions: Actions = {
let res = await fetch(`${serverEndpoint}/api/adventures/${event.params.id}`, { let res = await fetch(`${serverEndpoint}/api/adventures/${event.params.id}`, {
method: 'DELETE', method: 'DELETE',
headers: { headers: {
Cookie: `sessionid=${event.cookies.get('sessionid')}; csrftoken=${csrfToken}`, Referer: event.url.origin, // Include Referer header
Cookie: `sessionid=${event.cookies.get('sessionid')};
csrftoken=${csrfToken}`,
'X-CSRFToken': csrfToken 'X-CSRFToken': csrfToken
}, },
credentials: 'include' credentials: 'include'

5
frontend/src/routes/collections/+page.server.ts
View file

@ -96,6 +96,7 @@ export const actions: Actions = {
method: 'POST', method: 'POST',
headers: { headers: {
'X-CSRFToken': csrfToken, 'X-CSRFToken': csrfToken,
Referer: event.url.origin, // Include Referer header
Cookie: `sessionid=${sessionid}; csrftoken=${csrfToken}` Cookie: `sessionid=${sessionid}; csrftoken=${csrfToken}`
}, },
body: formDataToSend body: formDataToSend
@ -174,9 +175,11 @@ export const actions: Actions = {
method: 'PATCH', method: 'PATCH',
headers: { headers: {
'X-CSRFToken': csrfToken, 'X-CSRFToken': csrfToken,
Cookie: `sessionid=${sessionId}; csrftoken=${csrfToken}` Cookie: `sessionid=${sessionId}; csrftoken=${csrfToken}`,
Referer: event.url.origin // Include Referer header
}, },
body: formDataToSend, body: formDataToSend,
credentials: 'include' credentials: 'include'
}); });

3
frontend/src/routes/collections/[id]/+page.server.ts
View file

@ -63,7 +63,8 @@ export const actions: Actions = {
headers: { headers: {
Cookie: `sessionid=${sessionId}; csrftoken=${csrfToken}`, Cookie: `sessionid=${sessionId}; csrftoken=${csrfToken}`,
'Content-Type': 'application/json', 'Content-Type': 'application/json',
'X-CSRFToken': csrfToken 'X-CSRFToken': csrfToken,
Referer: event.url.origin // Include Referer header
}, },
credentials: 'include' credentials: 'include'
}); });

6
frontend/src/routes/login/+page.server.ts
View file

@ -46,7 +46,8 @@ export const actions: Actions = {
headers: { headers: {
'X-CSRFToken': csrfToken, 'X-CSRFToken': csrfToken,
'Content-Type': 'application/json', 'Content-Type': 'application/json',
Cookie: `csrftoken=${csrfToken}` Cookie: `csrftoken=${csrfToken}`,
Referer: event.url.origin // Include Referer header
}, },
body: JSON.stringify({ username, password }), body: JSON.stringify({ username, password }),
credentials: 'include' credentials: 'include'
@ -73,7 +74,8 @@ export const actions: Actions = {
headers: { headers: {
'X-CSRFToken': csrfToken, 'X-CSRFToken': csrfToken,
'Content-Type': 'application/json', 'Content-Type': 'application/json',
Cookie: `csrftoken=${csrfToken}; sessionid=${sessionId}` Cookie: `csrftoken=${csrfToken}; sessionid=${sessionId}`,
Referer: event.url.origin // Include Referer header
}, },
body: JSON.stringify({ code: totp }), body: JSON.stringify({ code: totp }),
credentials: 'include' credentials: 'include'

3
frontend/src/routes/signup/+page.server.ts
View file

@ -56,7 +56,8 @@ export const actions: Actions = {
headers: { headers: {
'X-CSRFToken': csrfToken, 'X-CSRFToken': csrfToken,
'Content-Type': 'application/json', 'Content-Type': 'application/json',
Cookie: `csrftoken=${csrfToken}` Cookie: `csrftoken=${csrfToken}`,
Referer: event.url.origin // Include Referer header
}, },
body: JSON.stringify({ body: JSON.stringify({
username: username, username: username,

3
frontend/src/routes/user/reset-password/+page.server.ts
View file

@ -21,7 +21,8 @@ export const actions: Actions = {
headers: { headers: {
'Content-Type': 'application/json', 'Content-Type': 'application/json',
'X-CSRFToken': csrfToken, 'X-CSRFToken': csrfToken,
Cookie: `csrftoken=${csrfToken}` Cookie: `csrftoken=${csrfToken}`,
Referer: event.url.origin // Include Referer header
}, },
body: JSON.stringify({ body: JSON.stringify({
email email

3
frontend/src/routes/user/reset-password/[key]/+page.server.ts
View file

@ -35,7 +35,8 @@ export const actions: Actions = {
headers: { headers: {
'Content-Type': 'application/json', 'Content-Type': 'application/json',
Cookie: `csrftoken=${csrfToken}`, Cookie: `csrftoken=${csrfToken}`,
'X-CSRFToken': csrfToken 'X-CSRFToken': csrfToken,
Referer: event.url.origin // Include Referer header
}, },
method: 'POST', method: 'POST',
credentials: 'include', credentials: 'include',