fix #303: use csrftoken from hidden input field

jrief · jrief · commit 7ae01cad9ed0 · 2022-04-06T11:48:29.000+02:00
diff --git a/client/admin-sortable2.ts b/client/admin-sortable2.ts
@@ -150,14 +150,13 @@ class ListSortable extends SortableBase {
 	}
 
 	public get headers(): Headers {
-		const value = `; ${document.cookie}`;
-		const parts = value.split('; csrftoken=');
-		const csrfToken = parts.length === 2 ? parts[1].split(';').shift() : null;
 		const headers = new Headers();
 		headers.append('Accept', 'application/json');
 		headers.append('Content-Type', 'application/json');
-		if (csrfToken) {
-			headers.append('X-CSRFToken', csrfToken);
+
+		const inputElement = this.tableBody.closest('form')?.querySelector('input[name="csrfmiddlewaretoken"]') as HTMLInputElement;
+		if (inputElement) {
+			headers.append('X-CSRFToken', inputElement.value);
 		}
 		return headers;
 	}

Original file line number	Diff line number	Diff line change
`@@ -150,14 +150,13 @@ class ListSortable extends SortableBase {`
`150`	`150`	`}`
`151`	`151`
`152`	`152`	`public get headers(): Headers {`
`153`		- const value = `; ${document.cookie}`;
`154`		`- const parts = value.split('; csrftoken=');`
`155`		`- const csrfToken = parts.length === 2 ? parts[1].split(';').shift() : null;`
`156`	`153`	`const headers = new Headers();`
`157`	`154`	`headers.append('Accept', 'application/json');`
`158`	`155`	`headers.append('Content-Type', 'application/json');`
`159`		`- if (csrfToken) {`
`160`		`- headers.append('X-CSRFToken', csrfToken);`
	`156`	`+`
	`157`	`+ const inputElement = this.tableBody.closest('form')?.querySelector('input[name="csrfmiddlewaretoken"]') as HTMLInputElement;`
	`158`	`+ if (inputElement) {`
	`159`	`+ headers.append('X-CSRFToken', inputElement.value);`
`161`	`160`	`}`
`162`	`161`	`return headers;`
`163`	`162`	`}`