paradizelost/paperless-ngx
1
0
Fork 0
mirror of https://github.com/paperless-ngx/paperless-ngx.git synced 2025-07-28 18:24:38 -05:00
Code Issues Packages Projects Releases Wiki Activity

Frontend: CSRF support

Browse Source
This commit is contained in:
Jonas Winkler
2020-11-11 20:19:57 +01:00
parent ee69429898
commit 2436ff143f
5 changed files with 63 additions and 1 deletions
Download Patch File Download Diff File Expand all files Collapse all files

9
src-ui/src/app/app.module.ts
View File

@@ -39,6 +39,8 @@ import { InfiniteScrollModule } from 'ngx-infinite-scroll';
import { DateTimeComponent } from './components/common/input/date-time/date-time.component';
import { TagsComponent } from './components/common/input/tags/tags.component';
import { SortableDirective } from './directives/sortable.directive';
import { CookieService } from 'ngx-cookie-service';
import { CsrfInterceptor } from './interceptors/csrf.interceptor';
@NgModule({
declarations: [
@@ -85,7 +87,12 @@ import { SortableDirective } from './directives/sortable.directive';
InfiniteScrollModule
],
providers: [
DatePipe
DatePipe,
CookieService, {
provide: HTTP_INTERCEPTORS,
useClass: CsrfInterceptor,
multi: true
}
],
bootstrap: [AppComponent]
})

16
src-ui/src/app/interceptors/csrf.interceptor.spec.ts Normal file
View File

@@ -0,0 +1,16 @@
import { TestBed } from '@angular/core/testing';
import { CsrfInterceptor } from './csrf.interceptor';
describe('CsrfInterceptor', () => {
beforeEach(() => TestBed.configureTestingModule({
providers: [
CsrfInterceptor
]
}));
it('should be created', () => {
const interceptor: CsrfInterceptor = TestBed.inject(CsrfInterceptor);
expect(interceptor).toBeTruthy();
});
});

30
src-ui/src/app/interceptors/csrf.interceptor.ts Normal file
View File

@@ -0,0 +1,30 @@
import { Injectable } from '@angular/core';
import {
HttpRequest,
HttpHandler,
HttpEvent,
HttpInterceptor
} from '@angular/common/http';
import { Observable } from 'rxjs';
import { CookieService } from 'ngx-cookie-service';
@Injectable()
export class CsrfInterceptor implements HttpInterceptor {
constructor(private cookieService: CookieService) {
}
intercept(request: HttpRequest<unknown>, next: HttpHandler): Observable<HttpEvent<unknown>> {
let csrfToken = this.cookieService.get('csrftoken')
if (csrfToken) {
request = request.clone({
setHeaders: {
'X-CSRFToken': csrfToken
}
})
}
return next.handle(request);
}
}