CsrfTokenComponent: Use a global empty function for SSR

This commit is contained in:
Alice Gaudon 2021-06-02 17:12:24 +02:00
parent 9ac42bb3db
commit 77ff2505b2
2 changed files with 10 additions and 2 deletions

View File

@ -1,7 +1,6 @@
<script lang="ts">
import {locals} from "../../ts/stores.js";
import Field from "./Field.svelte";
const token = $locals.getCsrfToken ? $locals.getCsrfToken() : undefined;
</script>
<Field type="hidden" name="csrf" value={token}/>
<Field type="hidden" name="csrf" value={$locals.getCsrfToken()}/>

View File

@ -5,6 +5,7 @@ import {Session, SessionData} from "express-session";
import ApplicationComponent from "../ApplicationComponent.js";
import {AuthMiddleware} from "../auth/AuthComponent.js";
import {BadRequestError} from "../HttpError.js";
import FrontendToolsComponent from "./FrontendToolsComponent.js";
export default class CsrfProtectionComponent extends ApplicationComponent {
private static readonly excluders: ((req: Request) => boolean)[] = [];
@ -16,6 +17,14 @@ export default class CsrfProtectionComponent extends ApplicationComponent {
return session.csrf;
}
public async init(): Promise<void> {
const globals = this.getApp().asOptional(FrontendToolsComponent)?.getGlobals();
if (globals) {
globals.set('getCsrfToken', () => null);
}
}
public static addExcluder(excluder: (req: Request) => boolean): void {
this.excluders.push(excluder);
}