From 77ff2505b20f1fd51449bbae2148fe9e7e0e495d Mon Sep 17 00:00:00 2001 From: Alice Gaudon Date: Wed, 2 Jun 2021 17:12:24 +0200 Subject: [PATCH] CsrfTokenComponent: Use a global empty function for SSR --- src/assets/views/utils/CsrfTokenField.svelte | 3 +-- src/components/CsrfProtectionComponent.ts | 9 +++++++++ 2 files changed, 10 insertions(+), 2 deletions(-) diff --git a/src/assets/views/utils/CsrfTokenField.svelte b/src/assets/views/utils/CsrfTokenField.svelte index b757ff1..85f946f 100644 --- a/src/assets/views/utils/CsrfTokenField.svelte +++ b/src/assets/views/utils/CsrfTokenField.svelte @@ -1,7 +1,6 @@ - + diff --git a/src/components/CsrfProtectionComponent.ts b/src/components/CsrfProtectionComponent.ts index c817c0d..43926ed 100644 --- a/src/components/CsrfProtectionComponent.ts +++ b/src/components/CsrfProtectionComponent.ts @@ -5,6 +5,7 @@ import {Session, SessionData} from "express-session"; import ApplicationComponent from "../ApplicationComponent.js"; import {AuthMiddleware} from "../auth/AuthComponent.js"; import {BadRequestError} from "../HttpError.js"; +import FrontendToolsComponent from "./FrontendToolsComponent.js"; export default class CsrfProtectionComponent extends ApplicationComponent { private static readonly excluders: ((req: Request) => boolean)[] = []; @@ -16,6 +17,14 @@ export default class CsrfProtectionComponent extends ApplicationComponent { return session.csrf; } + + public async init(): Promise { + const globals = this.getApp().asOptional(FrontendToolsComponent)?.getGlobals(); + if (globals) { + globals.set('getCsrfToken', () => null); + } + } + public static addExcluder(excluder: (req: Request) => boolean): void { this.excluders.push(excluder); }