treehouse
/
mastodon
21
8
Fork 5
Code Issues 32 Pull Requests Projects 1 Releases Wiki Activity

[Glitch] Use vanilla JS to get Rails CSRF values 

Port 00d94f3ffa to glitch-soc

Signed-off-by: Claire <claire.github-309c@sitedethib.com>
main-rebase-security-fix
Matt Jankowski 2024-03-12 13:10:37 -04:00 committed by Claire
parent 06881a8669
commit 00d72866a3
1 changed files with 9 additions and 6 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

15
app/javascript/flavours/glitch/utils/log_out.ts
View File

@ -1,5 +1,3 @@
import Rails from '@rails/ujs';
import { signOutLink } from 'flavours/glitch/utils/backend_links';
export const logOut = () => {
@ -11,13 +9,18 @@ export const logOut = () => {
methodInput.setAttribute('type', 'hidden');
form.appendChild(methodInput);
const csrfToken = Rails.csrfToken();
const csrfParam = Rails.csrfParam();
const csrfToken = document.querySelector<HTMLMetaElement>(
'meta[name=csrf-token]',
);
const csrfParam = document.querySelector<HTMLMetaElement>(
'meta[name=csrf-param]',
);
if (csrfParam && csrfToken) {
const csrfInput = document.createElement('input');
csrfInput.setAttribute('name', csrfParam);
csrfInput.setAttribute('value', csrfToken);
csrfInput.setAttribute('name', csrfParam.content);
csrfInput.setAttribute('value', csrfToken.content);
csrfInput.setAttribute('type', 'hidden');
form.appendChild(csrfInput);
}