gui: Set CSRF stuff earlier (fixes #3138)

We need to set these properties *before* Angular starts making requests, and doing that from the response to a request is too late. The obvious choice (to me) would be to use the angular $cookies service, but that service isn't available until after initialization so we can't use it. Instead, add a special file that is loaded by index.html and includes the info we need before the JS app even starts running. GitHub-Pull-Request: https://github.com/syncthing/syncthing/pull/3152
2016-05-22 10:26:09 +00:00
parent 00be2bf18d
commit 4bc2b3f369
3 changed files with 15 additions and 26 deletions
--- a/cmd/syncthing/gui.go
+++ b/cmd/syncthing/gui.go
@@ -305,6 +305,9 @@ func (s *apiService) Serve() {
 	}
 	mux.Handle("/", assets)

+	// Handle the special meta.js path
+	mux.HandleFunc("/meta.js", s.getJSMetadata)
+
 	s.cfg.Subscribe(assets)

 	guiCfg := s.cfg.GUI()
@@ -525,6 +528,14 @@ func (s *apiService) restPing(w http.ResponseWriter, r *http.Request) {
 	sendJSON(w, map[string]string{"ping": "pong"})
 }

+func (s *apiService) getJSMetadata(w http.ResponseWriter, r *http.Request) {
+	meta, _ := json.Marshal(map[string]string{
+		"deviceID": s.id.String(),
+	})
+	w.Header().Set("Content-Type", "application/javascript")
+	fmt.Fprintf(w, "var metadata = %s;\n", meta)
+}
+
 func (s *apiService) getSystemVersion(w http.ResponseWriter, r *http.Request) {
 	sendJSON(w, map[string]string{
 		"version":     Version,