aboutsummaryrefslogtreecommitdiffhomepage
diff options
context:
space:
mode:
authorChocobozzz <me@florianbigard.com>2022-10-26 14:28:38 +0200
committerChocobozzz <me@florianbigard.com>2022-10-27 09:13:10 +0200
commit49e7e4d9ffd16cba7a721f6d3d3203decf4f4b2c (patch)
treef51d906fdb3b5f7410b0d127e9c6aa1289da9664
parentb67580aa65cd14be81353c6cfcec9802e093651d (diff)
downloadPeerTube-49e7e4d9ffd16cba7a721f6d3d3203decf4f4b2c.tar.gz
PeerTube-49e7e4d9ffd16cba7a721f6d3d3203decf4f4b2c.tar.zst
PeerTube-49e7e4d9ffd16cba7a721f6d3d3203decf4f4b2c.zip
Fix token injection if unlogged user
-rw-r--r--client/src/assets/player/shared/peertube/peertube-plugin.ts4
-rw-r--r--client/src/standalone/videos/shared/auth-http.ts2
2 files changed, 4 insertions, 2 deletions
diff --git a/client/src/assets/player/shared/peertube/peertube-plugin.ts b/client/src/assets/player/shared/peertube/peertube-plugin.ts
index 4bd038bb1..56de66998 100644
--- a/client/src/assets/player/shared/peertube/peertube-plugin.ts
+++ b/client/src/assets/player/shared/peertube/peertube-plugin.ts
@@ -210,7 +210,7 @@ class PeerTubePlugin extends Plugin {
210 lastViewEvent = undefined 210 lastViewEvent = undefined
211 211
212 // Server won't save history, so save the video position in local storage 212 // Server won't save history, so save the video position in local storage
213 if (!this.authorizationHeader) { 213 if (!this.authorizationHeader()) {
214 saveVideoWatchHistory(this.videoUUID, currentTime) 214 saveVideoWatchHistory(this.videoUUID, currentTime)
215 } 215 }
216 }, this.CONSTANTS.USER_VIEW_VIDEO_INTERVAL) 216 }, this.CONSTANTS.USER_VIEW_VIDEO_INTERVAL)
@@ -228,7 +228,7 @@ class PeerTubePlugin extends Plugin {
228 'Content-type': 'application/json; charset=UTF-8' 228 'Content-type': 'application/json; charset=UTF-8'
229 }) 229 })
230 230
231 if (this.authorizationHeader) headers.set('Authorization', this.authorizationHeader()) 231 if (this.authorizationHeader()) headers.set('Authorization', this.authorizationHeader())
232 232
233 return fetch(this.videoViewUrl, { method: 'POST', body: JSON.stringify(body), headers }) 233 return fetch(this.videoViewUrl, { method: 'POST', body: JSON.stringify(body), headers })
234 } 234 }
diff --git a/client/src/standalone/videos/shared/auth-http.ts b/client/src/standalone/videos/shared/auth-http.ts
index 43af5dff4..95e3b029e 100644
--- a/client/src/standalone/videos/shared/auth-http.ts
+++ b/client/src/standalone/videos/shared/auth-http.ts
@@ -27,6 +27,8 @@ export class AuthHTTP {
27 } 27 }
28 28
29 getHeaderTokenValue () { 29 getHeaderTokenValue () {
30 if (!this.userOAuthTokens) return null
31
30 return `${this.userOAuthTokens.tokenType} ${this.userOAuthTokens.accessToken}` 32 return `${this.userOAuthTokens.tokenType} ${this.userOAuthTokens.accessToken}`
31 } 33 }
32 34