fix: include Referer header in API requests
This commit is contained in:
Sean Morley
@@ -37,7 +37,8 @@ export const actions: Actions = {
|
||||
headers: {
|
||||
'X-CSRFToken': csrfToken,
|
||||
'Content-Type': 'application/json',
|
||||
Cookie: `csrftoken=${csrfToken}`
|
||||
Cookie: `csrftoken=${csrfToken}`,
|
||||
Referer: event.url.origin // Include Referer header
|
||||
}
|
||||
});
|
||||
console.log(res);
|
||||
|
||||
@@ -69,7 +69,8 @@ export const actions: Actions = {
|
||||
method: 'POST',
|
||||
headers: {
|
||||
Cookie: `csrftoken=${csrfToken}; sessionid=${sessionId}`,
|
||||
'X-CSRFToken': csrfToken
|
||||
'X-CSRFToken': csrfToken,
|
||||
Referer: event.url.origin // Include Referer header
|
||||
},
|
||||
body: formData
|
||||
});
|
||||
|
||||
@@ -66,7 +66,9 @@ export const actions: Actions = {
|
||||
let res = await fetch(`${serverEndpoint}/api/adventures/${event.params.id}`, {
|
||||
method: 'DELETE',
|
||||
headers: {
|
||||
Cookie: `sessionid=${event.cookies.get('sessionid')}; csrftoken=${csrfToken}`,
|
||||
Referer: event.url.origin, // Include Referer header
|
||||
Cookie: `sessionid=${event.cookies.get('sessionid')};
|
||||
csrftoken=${csrfToken}`,
|
||||
'X-CSRFToken': csrfToken
|
||||
},
|
||||
credentials: 'include'
|
||||
|
||||
@@ -96,6 +96,7 @@ export const actions: Actions = {
|
||||
method: 'POST',
|
||||
headers: {
|
||||
'X-CSRFToken': csrfToken,
|
||||
Referer: event.url.origin, // Include Referer header
|
||||
Cookie: `sessionid=${sessionid}; csrftoken=${csrfToken}`
|
||||
},
|
||||
body: formDataToSend
|
||||
@@ -174,9 +175,11 @@ export const actions: Actions = {
|
||||
method: 'PATCH',
|
||||
headers: {
|
||||
'X-CSRFToken': csrfToken,
|
||||
Cookie: `sessionid=${sessionId}; csrftoken=${csrfToken}`
|
||||
Cookie: `sessionid=${sessionId}; csrftoken=${csrfToken}`,
|
||||
Referer: event.url.origin // Include Referer header
|
||||
},
|
||||
body: formDataToSend,
|
||||
|
||||
credentials: 'include'
|
||||
});
|
||||
|
||||
|
||||
@@ -63,7 +63,8 @@ export const actions: Actions = {
|
||||
headers: {
|
||||
Cookie: `sessionid=${sessionId}; csrftoken=${csrfToken}`,
|
||||
'Content-Type': 'application/json',
|
||||
'X-CSRFToken': csrfToken
|
||||
'X-CSRFToken': csrfToken,
|
||||
Referer: event.url.origin // Include Referer header
|
||||
},
|
||||
credentials: 'include'
|
||||
});
|
||||
|
||||
@@ -46,7 +46,8 @@ export const actions: Actions = {
|
||||
headers: {
|
||||
'X-CSRFToken': csrfToken,
|
||||
'Content-Type': 'application/json',
|
||||
Cookie: `csrftoken=${csrfToken}`
|
||||
Cookie: `csrftoken=${csrfToken}`,
|
||||
Referer: event.url.origin // Include Referer header
|
||||
},
|
||||
body: JSON.stringify({ username, password }),
|
||||
credentials: 'include'
|
||||
@@ -73,7 +74,8 @@ export const actions: Actions = {
|
||||
headers: {
|
||||
'X-CSRFToken': csrfToken,
|
||||
'Content-Type': 'application/json',
|
||||
Cookie: `csrftoken=${csrfToken}; sessionid=${sessionId}`
|
||||
Cookie: `csrftoken=${csrfToken}; sessionid=${sessionId}`,
|
||||
Referer: event.url.origin // Include Referer header
|
||||
},
|
||||
body: JSON.stringify({ code: totp }),
|
||||
credentials: 'include'
|
||||
|
||||
@@ -56,7 +56,8 @@ export const actions: Actions = {
|
||||
headers: {
|
||||
'X-CSRFToken': csrfToken,
|
||||
'Content-Type': 'application/json',
|
||||
Cookie: `csrftoken=${csrfToken}`
|
||||
Cookie: `csrftoken=${csrfToken}`,
|
||||
Referer: event.url.origin // Include Referer header
|
||||
},
|
||||
body: JSON.stringify({
|
||||
username: username,
|
||||
|
||||
@@ -21,7 +21,8 @@ export const actions: Actions = {
|
||||
headers: {
|
||||
'Content-Type': 'application/json',
|
||||
'X-CSRFToken': csrfToken,
|
||||
Cookie: `csrftoken=${csrfToken}`
|
||||
Cookie: `csrftoken=${csrfToken}`,
|
||||
Referer: event.url.origin // Include Referer header
|
||||
},
|
||||
body: JSON.stringify({
|
||||
email
|
||||
|
||||
@@ -35,7 +35,8 @@ export const actions: Actions = {
|
||||
headers: {
|
||||
'Content-Type': 'application/json',
|
||||
Cookie: `csrftoken=${csrfToken}`,
|
||||
'X-CSRFToken': csrfToken
|
||||
'X-CSRFToken': csrfToken,
|
||||
Referer: event.url.origin // Include Referer header
|
||||
},
|
||||
method: 'POST',
|
||||
credentials: 'include',
|
||||
|
||||
Reference in New Issue
Block a user