
Remove invalid CSRF HTML meta tag

Frédéric Guillot 4 jaren geleden
bovenliggende
commit
09be3d2bac
3 gewijzigde bestanden met toevoegingen van 7 en 10 verwijderingen
  1. 2 2
      template/functions.go
  2. 3 6
      template/templates/common/layout.html
  3. 2 2
      ui/static/js/request_builder.js

+ 2 - 2
template/functions.go

@@ -75,7 +75,7 @@ func (f *funcMap) Map() template.FuncMap {
 		"contains": func(str, substr string) bool {
 			return strings.Contains(str, substr)
 		},
-		"replace": func(str, old string, new string) string {
+		"replace": func(str, old, new string) string {
 			return strings.Replace(str, old, new, 1)
 		},
 		"isodate": func(ts time.Time) string {
@@ -86,7 +86,7 @@ func (f *funcMap) Map() template.FuncMap {
 		},
 		"icon": func(iconName string) template.HTML {
 			return template.HTML(fmt.Sprintf(
-				`<svg class="icon" aria-hidden="true"><use xlink:href="%s#icon-%s"></svg>`,
+				`<svg class="icon" aria-hidden="true"><use xlink:href="%s#icon-%s"/></svg>`,
 				route.Path(f.router, "appIcon", "filename", "sprite.svg"),
 				iconName,
 			))
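Review bot: In the `icon` helper, `iconName` is formatted straight into the markup and the result is cast to `template.HTML`, so html/template's contextual escaping never sees it. The template call sites are outside this hunk; if every one passes a literal icon name this is safe, but nothing in the helper enforces that. Escaping at the point of use would make it hold regardless of caller: pass `template.HTMLEscapeString(iconName)` as the second Sprintf argument, or at minimum add `// iconName must be a trusted constant: the returned template.HTML bypasses auto-escaping`. The enclosing Map function starts and ends outside the hunk.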

+ 3 - 6
template/templates/common/layout.html

@@ -29,20 +29,17 @@
     <link rel="apple-touch-icon" sizes="167x167" href="{{ route "appIcon" "filename" "icon-167.png" }}">
     <link rel="apple-touch-icon" sizes="180x180" href="{{ route "appIcon" "filename" "icon-180.png" }}">
 
-    {{ if .csrf }}
-        <meta name="X-CSRF-Token" value="{{ .csrf }}">
-    {{ end }}
-
     <meta name="theme-color" content="{{ theme_color .theme }}">
     <link rel="stylesheet" type="text/css" href="{{ route "stylesheet" "name" .theme }}?{{ .theme_checksum }}">
     {{ if and .user .user.Stylesheet }}
     <link rel="stylesheet" type="text/css" href="{{ route "stylesheet" "name" "custom_css" }}?{{ rand }}">
     {{ end }}
 
-    <script type="text/javascript" src="{{ route "javascript" "name" "app" }}?{{ .app_js_checksum }}" defer></script>
-    <script type="text/javascript" src="{{ route "javascript" "name" "service-worker" }}?{{ .sw_js_checksum }}" defer id="service-worker-script"></script>
+    <script src="{{ route "javascript" "name" "app" }}?{{ .app_js_checksum }}" defer></script>
+    <script src="{{ route "javascript" "name" "service-worker" }}?{{ .sw_js_checksum }}" defer id="service-worker-script"></script>
 </head>
 <body
+    {{ if .csrf }}data-csrf-token="{{ .csrf }}"{{ end }}
     data-entries-status-url="{{ route "updateEntriesStatus" }}"
     data-refresh-all-feeds-url="{{ route "refreshAllFeeds" }}"
     {{ if .user }}{{ if not .user.KeyboardShortcuts }}data-disable-keyboard-shortcuts="true"{{ end }}{{ end }}>
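Review bot: The `data-csrf-token` attribute on `<body>` is now an unwritten contract with `getCsrfToken()` in ui/static/js/request_builder.js, and nothing in the template says so. A template comment just above the `<body` tag, for example `{{/* data-csrf-token is read by RequestBuilder.getCsrfToken() via dataset.csrfToken; keep both names in sync */}}`, would stop a later rename from silently producing requests with an empty token. Separately, the user's custom stylesheet is loaded into this same document and CSS attribute selectors can match on attribute values. It is worth confirming that this stylesheet can only ever hold the signed-in user's own content, and that any Content-Security-Policy in place limits where styles may fetch from.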

+ 2 - 2
ui/static/js/request_builder.js

@@ -30,9 +30,9 @@ class RequestBuilder {
     }
 
     getCsrfToken() {
-        let element = document.querySelector("meta[name=X-CSRF-Token]");
+        let element = document.querySelector("body[data-csrf-token");
         if (element !== null) {
-            return element.getAttribute("value");
+            return element.dataset.csrfToken;
         }
 
         return "";
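Review bot: The new selector string `"body[data-csrf-token"` in `getCsrfToken()` is missing its closing `]`. Browsers probably accept it only because CSS parsing closes open brackets at end of input, which is fragile and will not survive someone appending to the selector. Since the attribute lives on `<body>`, the lookup does not need a selector at all: `const token = document.body.dataset.csrfToken;` followed by `return token === undefined ? "" : token;`. The `""` fallback also means a page rendered without the attribute sends requests with no token, so the server-side check must reject an empty or missing token rather than skip validation. The RequestBuilder class continues outside the hunk.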