Add svelte as a view engine to swaf #33
@ -1,7 +1,6 @@
|
|||||||
<script lang="ts">
|
<script lang="ts">
|
||||||
import {locals} from "../../ts/stores.js";
|
import {locals} from "../../ts/stores.js";
|
||||||
import Field from "./Field.svelte";
|
import Field from "./Field.svelte";
|
||||||
const token = $locals.getCsrfToken ? $locals.getCsrfToken() : undefined;
|
|
||||||
</script>
|
</script>
|
||||||
|
|
||||||
<Field type="hidden" name="csrf" value={token}/>
|
<Field type="hidden" name="csrf" value={$locals.getCsrfToken()}/>
|
||||||
|
@ -5,6 +5,7 @@ import {Session, SessionData} from "express-session";
|
|||||||
import ApplicationComponent from "../ApplicationComponent.js";
|
import ApplicationComponent from "../ApplicationComponent.js";
|
||||||
import {AuthMiddleware} from "../auth/AuthComponent.js";
|
import {AuthMiddleware} from "../auth/AuthComponent.js";
|
||||||
import {BadRequestError} from "../HttpError.js";
|
import {BadRequestError} from "../HttpError.js";
|
||||||
|
import FrontendToolsComponent from "./FrontendToolsComponent.js";
|
||||||
|
|
||||||
export default class CsrfProtectionComponent extends ApplicationComponent {
|
export default class CsrfProtectionComponent extends ApplicationComponent {
|
||||||
private static readonly excluders: ((req: Request) => boolean)[] = [];
|
private static readonly excluders: ((req: Request) => boolean)[] = [];
|
||||||
@ -16,6 +17,14 @@ export default class CsrfProtectionComponent extends ApplicationComponent {
|
|||||||
return session.csrf;
|
return session.csrf;
|
||||||
}
|
}
|
||||||
|
|
||||||
|
|
||||||
|
public async init(): Promise<void> {
|
||||||
|
const globals = this.getApp().asOptional(FrontendToolsComponent)?.getGlobals();
|
||||||
|
if (globals) {
|
||||||
|
globals.set('getCsrfToken', () => null);
|
||||||
|
}
|
||||||
|
}
|
||||||
|
|
||||||
public static addExcluder(excluder: (req: Request) => boolean): void {
|
public static addExcluder(excluder: (req: Request) => boolean): void {
|
||||||
this.excluders.push(excluder);
|
this.excluders.push(excluder);
|
||||||
}
|
}
|
||||||
|
Loading…
Reference in New Issue
Block a user