Skip to content

Commit 1871212

Browse files
divolgindivolgin
authored
Don't sent JWT in the URL when exporting data (#359)
1 parent 038f026 commit 1871212

File tree

1 file changed

+41
-6
lines changed

1 file changed

+41
-6
lines changed

src/redux/data/exports/thunks.js

Lines changed: 41 additions & 6 deletions
Original file line numberDiff line numberDiff line change
@@ -82,12 +82,19 @@ export function createSavedExport(query, filters, dates, name) {
8282
}
8383

8484
const exportResult = await exportResponse.json();
85-
const encodedJwt = encodeURIComponent(jwt);
8685

8786
dispatch(fetchSavedExports());
8887

89-
const downloadUrl = `${host}/project/${projectId}/export/${exportResult.id}/rendered?jwt=${encodedJwt}`;
90-
window.location = downloadUrl;
88+
const downloadUrl = `${host}/project/${projectId}/export/${exportResult.id}/rendered`;
89+
const renderedResponse = await fetch(downloadUrl, {
90+
method: "GET",
91+
headers: {
92+
Authorization: jwt,
93+
Accept: "text/csv",
94+
},
95+
});
96+
97+
await downloadFile(renderedResponse);
9198

9299
dispatch(loadingData("exportCSVLoading", false));
93100

@@ -110,12 +117,40 @@ export function renderSavedExport(id) {
110117
const projectId = state.data.sessionData.session.project_id;
111118
const jwt = state.data.sessionData.session.token;
112119
const host = state.data.sessionData.host;
113-
const encodedJwt = encodeURIComponent(jwt);
114120

115-
const downloadUrl = `${host}/project/${projectId}/export/${id}/rendered?jwt=${encodedJwt}`;
116-
window.location = downloadUrl;
121+
const downloadUrl = `${host}/project/${projectId}/export/${id}/rendered`;
122+
const renderedResponse = await fetch(downloadUrl, {
123+
method: "GET",
124+
headers: {
125+
Authorization: jwt,
126+
Accept: "text/csv",
127+
},
128+
});
129+
130+
await downloadFile(renderedResponse);
117131

118132
//dispatch(setIsLoading(false));
119133
//dispatch(addNewSavedExport(result));
120134
};
121135
}
136+
137+
async function downloadFile(exportResponse) {
138+
const data = await exportResponse.blob()
139+
140+
const anchor = document.createElement("a");
141+
anchor.href = URL.createObjectURL(data);
142+
143+
const filename = exportResponse.headers.get("Content-Disposition")?.split("filename=")[1] || "export.csv";
144+
anchor.download = removeQuotes(filename);
145+
anchor.style.display = "none";
146+
document.body.appendChild(anchor);
147+
148+
// Trigger the download and clean up
149+
anchor.click();
150+
URL.revokeObjectURL(anchor.href);
151+
document.body.removeChild(anchor);
152+
}
153+
154+
function removeQuotes(str) {
155+
return str.replace(/^['"]+|['"]+$/g, "");
156+
}

0 commit comments

Comments
 (0)