pass csrf token in header

4b9eba62 · tom · 84c980b0 · 4b9eba62 · 4b9eba62
Commit 4b9eba62 authored Mar 09, 2023 by tom
Hide whitespace changes
Inline Side-by-side

Showing with 4 additions and 1 deletion

nodeFetch.ts lib/api/nodeFetch.ts +2 -0

useFetch.tsx lib/hooks/useFetch.tsx +2 -1

No files found.
--- a/lib/api/nodeFetch.ts
+++ b/lib/api/nodeFetch.ts
@@ -13,10 +13,12 @@ export default function fetchFactory(
  // first arg can be only a string
  // FIXME migrate to RequestInfo later if needed
  return function fetch(url: string, init?: RequestInit): Promise<Response> {
+    const csrfToken = _req.headers['x-csrf-token'];
    const headers = {
      accept: _req.headers['accept'] || 'application/json',
      'content-type': _req.headers['content-type'] || 'application/json',
      cookie: `${ cookies.NAMES.API_TOKEN }=${ _req.cookies[cookies.NAMES.API_TOKEN] }`,
+      ...(csrfToken ? { 'x-csrf-token': String(csrfToken) } : {}),
    };

    httpLogger.logger.info({

--- a/lib/hooks/useFetch.tsx
+++ b/lib/hooks/useFetch.tsx
@@ -37,7 +37,7 @@ export default function useFetch() {
        return _body;
      }

-      return JSON.stringify({ ..._body, _csrf_token: token });
+      return JSON.stringify(_body);
    })();

    const reqParams = {
@@ -45,6 +45,7 @@ export default function useFetch() {
      body,
      headers: {
        ...(isBodyAllowed && !isFormData ? { 'Content-type': 'application/json' } : undefined),
+        ...(isBodyAllowed && token ? { 'x-csrf-token': token } : undefined),
        ...params?.headers,
      },
    };