diff options
author | ArthurHoaro <arthur@hoa.ro> | 2020-09-01 11:01:21 +0200 |
---|---|---|
committer | ArthurHoaro <arthur@hoa.ro> | 2020-09-01 11:01:21 +0200 |
commit | cd10bc23e79c68d7a017e9284f95a166ea66ea08 (patch) | |
tree | 5aade7a05d5c2a91f1d85967388c8c6c0c198f1a /assets/default/js/base.js | |
parent | bea062149ebcb4663861edb1cc0a32faf85b273f (diff) | |
download | Shaarli-cd10bc23e79c68d7a017e9284f95a166ea66ea08.tar.gz Shaarli-cd10bc23e79c68d7a017e9284f95a166ea66ea08.tar.zst Shaarli-cd10bc23e79c68d7a017e9284f95a166ea66ea08.zip |
Export: refresh CRSF token after submit
This allow users to submit the form multiple times, because there is no actual browser redirection to the page.
Fixes #1532
Diffstat (limited to 'assets/default/js/base.js')
-rw-r--r-- | assets/default/js/base.js | 19 |
1 files changed, 16 insertions, 3 deletions
diff --git a/assets/default/js/base.js b/assets/default/js/base.js index 0f29799d..27938823 100644 --- a/assets/default/js/base.js +++ b/assets/default/js/base.js | |||
@@ -25,16 +25,18 @@ function findParent(element, tagName, attributes) { | |||
25 | /** | 25 | /** |
26 | * Ajax request to refresh the CSRF token. | 26 | * Ajax request to refresh the CSRF token. |
27 | */ | 27 | */ |
28 | function refreshToken(basePath) { | 28 | function refreshToken(basePath, callback) { |
29 | console.log('refresh'); | ||
30 | const xhr = new XMLHttpRequest(); | 29 | const xhr = new XMLHttpRequest(); |
31 | xhr.open('GET', `${basePath}/admin/token`); | 30 | xhr.open('GET', `${basePath}/admin/token`); |
32 | xhr.onload = () => { | 31 | xhr.onload = () => { |
33 | const elements = document.querySelectorAll('input[name="token"]'); | 32 | const elements = document.querySelectorAll('input[name="token"]'); |
34 | [...elements].forEach((element) => { | 33 | [...elements].forEach((element) => { |
35 | console.log(element); | ||
36 | element.setAttribute('value', xhr.responseText); | 34 | element.setAttribute('value', xhr.responseText); |
37 | }); | 35 | }); |
36 | |||
37 | if (callback) { | ||
38 | callback(xhr.response); | ||
39 | } | ||
38 | }; | 40 | }; |
39 | xhr.send(); | 41 | xhr.send(); |
40 | } | 42 | } |
@@ -622,4 +624,15 @@ function init(description) { | |||
622 | [...autocompleteFields].forEach((autocompleteField) => { | 624 | [...autocompleteFields].forEach((autocompleteField) => { |
623 | awesomepletes.push(createAwesompleteInstance(autocompleteField)); | 625 | awesomepletes.push(createAwesompleteInstance(autocompleteField)); |
624 | }); | 626 | }); |
627 | |||
628 | const exportForm = document.querySelector('#exportform'); | ||
629 | if (exportForm != null) { | ||
630 | exportForm.addEventListener('submit', (event) => { | ||
631 | event.preventDefault(); | ||
632 | |||
633 | refreshToken(basePath, () => { | ||
634 | event.target.submit(); | ||
635 | }); | ||
636 | }); | ||
637 | } | ||
625 | })(); | 638 | })(); |