When using 3rd party authentication provider, send over the CSRFToken

nirvn · nirvn · commit 951a8bf1ed4d · 2025-03-15T17:46:50.000+07:00
diff --git a/src/core/qfieldcloudconnection.cpp b/src/core/qfieldcloudconnection.cpp
@@ -612,6 +612,16 @@ void QFieldCloudConnection::setAuthenticationToken( QNetworkRequest &request )
     }
 
     QgsApplication::instance()->authManager()->updateNetworkRequest( request, mProviderConfigId );
+    const QList<QNetworkCookie> cookies = QgsNetworkAccessManager::instance()->cookieJar()->cookiesForUrl( mUrl );
+    for ( const QNetworkCookie &cookie : cookies )
+    {
+      if ( cookie.name() == QLatin1String( "csrftoken" ) )
+      {
+        request.setRawHeader( "X-CSRFToken", cookie.value() );
+        request.setRawHeader( "Referer", mUrl.toLatin1() );
+        break;
+      }
+    }
   }
 }
 

Original file line number	Diff line number	Diff line change
`@@ -612,6 +612,16 @@ void QFieldCloudConnection::setAuthenticationToken( QNetworkRequest &request )`
`612`	`612`	`}`
`613`	`613`
`614`	`614`	`QgsApplication::instance()->authManager()->updateNetworkRequest( request, mProviderConfigId );`
	`615`	`+ const QList<QNetworkCookie> cookies = QgsNetworkAccessManager::instance()->cookieJar()->cookiesForUrl( mUrl );`
	`616`	`+ for ( const QNetworkCookie &cookie : cookies )`
	`617`	`+ {`
	`618`	`+ if ( cookie.name() == QLatin1String( "csrftoken" ) )`
	`619`	`+ {`
	`620`	`+ request.setRawHeader( "X-CSRFToken", cookie.value() );`
	`621`	`+ request.setRawHeader( "Referer", mUrl.toLatin1() );`
	`622`	`+ break;`
	`623`	`+ }`
	`624`	`+ }`
`615`	`625`	`}`
`616`	`626`	`}`
`617`	`627`