Fix some API calls that should not use an API token (#30401)

main-rebase-security-fix
Renaud Chaput 2024-05-23 09:30:48 +02:00 committed by GitHub
parent 2c5ab8f647
commit 15d3070754
No known key found for this signature in database
GPG Key ID: B5690EEEBB952194
7 changed files with 9 additions and 9 deletions

View File

@ -40,11 +40,11 @@ const authorizationTokenFromInitialState = (): RawAxiosRequestHeaders => {
}; };
// eslint-disable-next-line import/no-default-export // eslint-disable-next-line import/no-default-export
export default function api() { export default function api(withAuthorization = true) {
return axios.create({ return axios.create({
headers: { headers: {
...csrfHeader, ...csrfHeader,
...authorizationTokenFromInitialState(), ...(withAuthorization ? authorizationTokenFromInitialState() : {}),
}, },
transformResponse: [ transformResponse: [

View File

@ -48,7 +48,7 @@ export default class Counter extends PureComponent {
componentDidMount () { componentDidMount () {
const { measure, start_at, end_at, params } = this.props; const { measure, start_at, end_at, params } = this.props;
api().post('/api/v1/admin/measures', { keys: [measure], start_at, end_at, [measure]: params }).then(res => { api(false).post('/api/v1/admin/measures', { keys: [measure], start_at, end_at, [measure]: params }).then(res => {
this.setState({ this.setState({
loading: false, loading: false,
data: res.data, data: res.data,

View File

@ -26,7 +26,7 @@ export default class Dimension extends PureComponent {
componentDidMount () { componentDidMount () {
const { start_at, end_at, dimension, limit, params } = this.props; const { start_at, end_at, dimension, limit, params } = this.props;
api().post('/api/v1/admin/dimensions', { keys: [dimension], start_at, end_at, limit, [dimension]: params }).then(res => { api(false).post('/api/v1/admin/dimensions', { keys: [dimension], start_at, end_at, limit, [dimension]: params }).then(res => {
this.setState({ this.setState({
loading: false, loading: false,
data: res.data, data: res.data,

View File

@ -27,7 +27,7 @@ export default class ImpactReport extends PureComponent {
include_subdomains: true, include_subdomains: true,
}; };
api().post('/api/v1/admin/measures', { api(false).post('/api/v1/admin/measures', {
keys: ['instance_accounts', 'instance_follows', 'instance_followers'], keys: ['instance_accounts', 'instance_follows', 'instance_followers'],
start_at: null, start_at: null,
end_at: null, end_at: null,

View File

@ -105,7 +105,7 @@ class ReportReasonSelector extends PureComponent {
}; };
componentDidMount() { componentDidMount() {
api().get('/api/v1/instance').then(res => { api(false).get('/api/v1/instance').then(res => {
this.setState({ this.setState({
rules: res.data.rules, rules: res.data.rules,
}); });
@ -122,7 +122,7 @@ class ReportReasonSelector extends PureComponent {
return; return;
} }
api().put(`/api/v1/admin/reports/${id}`, { api(false).put(`/api/v1/admin/reports/${id}`, {
category, category,
rule_ids: category === 'violation' ? rule_ids : [], rule_ids: category === 'violation' ? rule_ids : [],
}).catch(err => { }).catch(err => {

View File

@ -34,7 +34,7 @@ export default class Retention extends PureComponent {
componentDidMount () { componentDidMount () {
const { start_at, end_at, frequency } = this.props; const { start_at, end_at, frequency } = this.props;
api().post('/api/v1/admin/retention', { start_at, end_at, frequency }).then(res => { api(false).post('/api/v1/admin/retention', { start_at, end_at, frequency }).then(res => {
this.setState({ this.setState({
loading: false, loading: false,
data: res.data, data: res.data,

View File

@ -22,7 +22,7 @@ export default class Trends extends PureComponent {
componentDidMount () { componentDidMount () {
const { limit } = this.props; const { limit } = this.props;
api().get('/api/v1/admin/trends/tags', { params: { limit } }).then(res => { api(false).get('/api/v1/admin/trends/tags', { params: { limit } }).then(res => {
this.setState({ this.setState({
loading: false, loading: false,
data: res.data, data: res.data,