CsrfTokenComponent: Use a global empty function for SSR

2021-06-02 17:12:24 +02:00 · 2021-06-02 17:12:24 +02:00 · 77ff2505b2
commit 77ff2505b2
parent 9ac42bb3db
2 changed files with 10 additions and 2 deletions
--- a/src/assets/views/utils/CsrfTokenField.svelte
+++ b/src/assets/views/utils/CsrfTokenField.svelte
@ -1,7 +1,6 @@
 <script lang="ts">
    import {locals} from "../../ts/stores.js";
    import Field from "./Field.svelte";
-    const token = $locals.getCsrfToken ? $locals.getCsrfToken() : undefined;
 </script>

-<Field type="hidden" name="csrf" value={token}/>
+<Field type="hidden" name="csrf" value={$locals.getCsrfToken()}/>
--- a/src/components/CsrfProtectionComponent.ts
+++ b/src/components/CsrfProtectionComponent.ts
@ -5,6 +5,7 @@ import {Session, SessionData} from "express-session";
 import ApplicationComponent from "../ApplicationComponent.js";
 import {AuthMiddleware} from "../auth/AuthComponent.js";
 import {BadRequestError} from "../HttpError.js";
+import FrontendToolsComponent from "./FrontendToolsComponent.js";

 export default class CsrfProtectionComponent extends ApplicationComponent {
    private static readonly excluders: ((req: Request) => boolean)[] = [];
@ -16,6 +17,14 @@ export default class CsrfProtectionComponent extends ApplicationComponent {
        return session.csrf;
    }

+
+    public async init(): Promise<void> {
+        const globals = this.getApp().asOptional(FrontendToolsComponent)?.getGlobals();
+        if (globals) {
+            globals.set('getCsrfToken', () => null);
+        }
+    }
+
    public static addExcluder(excluder: (req: Request) => boolean): void {
        this.excluders.push(excluder);
    }