21ab20bba9
* revert: reverts csrf-csrf back to csurf This reverts csrf-csrf change brought on by `9e3119` in #1393 back to `csurf` that is maintained * fix: type declarations for csurf
47 lines
1.2 KiB
TypeScript
47 lines
1.2 KiB
TypeScript
const getCsrfToken = (): string | null => {
|
|
if (typeof window !== 'undefined') {
|
|
const match = document.cookie.match(/XSRF-TOKEN=([^;]+)/);
|
|
return match ? decodeURIComponent(match[1]) : null;
|
|
}
|
|
return null;
|
|
};
|
|
|
|
const isSameOrigin = (url: RequestInfo | URL): boolean => {
|
|
const parsedUrl = new URL(
|
|
url instanceof Request ? url.url : url.toString(),
|
|
window.location.origin
|
|
);
|
|
return parsedUrl.origin === window.location.origin;
|
|
};
|
|
|
|
// We are using a custom fetch implementation to add the X-XSRF-TOKEN heade
|
|
// to all requests. This is required when CSRF protection is enabled.
|
|
if (typeof window !== 'undefined') {
|
|
const originalFetch: typeof fetch = window.fetch;
|
|
|
|
(window as typeof globalThis).fetch = async (
|
|
input: RequestInfo | URL,
|
|
init?: RequestInit
|
|
): Promise<Response> => {
|
|
if (!isSameOrigin(input)) {
|
|
return originalFetch(input, init);
|
|
}
|
|
|
|
const csrfToken = getCsrfToken();
|
|
|
|
const headers = {
|
|
...(init?.headers || {}),
|
|
...(csrfToken ? { 'XSRF-TOKEN': csrfToken } : {}),
|
|
};
|
|
|
|
const newInit: RequestInit = {
|
|
...init,
|
|
headers,
|
|
};
|
|
|
|
return originalFetch(input, newInit);
|
|
};
|
|
}
|
|
|
|
export {};
|