perso/syncthing-arm
1
0
Fork 0
Code Issues Pull Requests Releases Wiki Activity

gui: Set CSRF stuff earlier (fixes #3138)

Browse Source 
We need to set these properties *before* Angular starts making requests,
and doing that from the response to a request is too late. The obvious
choice (to me) would be to use the angular $cookies service, but that
service isn't available until after initialization so we can't use it.
Instead, add a special file that is loaded by index.html and includes
the info we need before the JS app even starts running.

GitHub-Pull-Request: https://github.com/syncthing/syncthing/pull/3152
This commit is contained in:
Jakob Borg 2016-05-22 10:26:09 +00:00 committed by Audrius Butkevicius
parent 00be2bf18d
commit 4bc2b3f369
3 changed files with 15 additions and 26 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

11
cmd/syncthing/gui.go
View File

@ -305,6 +305,9 @@ func (s *apiService) Serve() {
} }
mux.Handle("/", assets) mux.Handle("/", assets)
// Handle the special meta.js path
mux.HandleFunc("/meta.js", s.getJSMetadata)
s.cfg.Subscribe(assets) s.cfg.Subscribe(assets)
guiCfg := s.cfg.GUI() guiCfg := s.cfg.GUI()
@ -525,6 +528,14 @@ func (s *apiService) restPing(w http.ResponseWriter, r *http.Request) {
sendJSON(w, map[string]string{"ping": "pong"}) sendJSON(w, map[string]string{"ping": "pong"})
} }
func (s *apiService) getJSMetadata(w http.ResponseWriter, r *http.Request) {
meta, _ := json.Marshal(map[string]string{
"deviceID": s.id.String(),
})
w.Header().Set("Content-Type", "application/javascript")
fmt.Fprintf(w, "var metadata = %s;\n", meta)
}
func (s *apiService) getSystemVersion(w http.ResponseWriter, r *http.Request) { func (s *apiService) getSystemVersion(w http.ResponseWriter, r *http.Request) {
sendJSON(w, map[string]string{ sendJSON(w, map[string]string{
"version": Version, "version": Version,

1
gui/default/index.html
View File

@ -664,6 +664,7 @@
<script src="assets/lang/valid-langs.js"></script> <script src="assets/lang/valid-langs.js"></script>
<script src="assets/lang/prettyprint.js"></script> <script src="assets/lang/prettyprint.js"></script>
<script src="meta.js"></script>
<script src="syncthing/app.js"></script> <script src="syncthing/app.js"></script>
<!-- / gui application code --> <!-- / gui application code -->

29
gui/default/syncthing/app.js
View File

@ -23,31 +23,9 @@ var syncthing = angular.module('syncthing', [
var urlbase = 'rest'; var urlbase = 'rest';
syncthing.config(function ($httpProvider, $translateProvider, LocaleServiceProvider) { syncthing.config(function ($httpProvider, $translateProvider, LocaleServiceProvider) {
$httpProvider.interceptors.push(function xHeadersResponseInterceptor() { var deviceIDShort = metadata.deviceID.substr(0, 5);
var deviceId = null; $httpProvider.defaults.xsrfHeaderName = 'X-CSRF-Token-' + deviceIDShort;
$httpProvider.defaults.xsrfCookieName = 'CSRF-Token-' + deviceIDShort;
return {
response: function onResponse(response) {
var headers = response.headers();
// angular template cache sends no headers
if(Object.keys(headers).length === 0) {
return response;
}
if (!deviceId) {
deviceId = headers['x-syncthing-id'];
if (deviceId) {
var deviceIdShort = deviceId.substring(0, 5);
$httpProvider.defaults.xsrfHeaderName = 'X-CSRF-Token-' + deviceIdShort;
$httpProvider.defaults.xsrfCookieName = 'CSRF-Token-' + deviceIdShort;
}
}
return response;
}
};
});
// language and localisation // language and localisation
@ -59,7 +37,6 @@ syncthing.config(function ($httpProvider, $translateProvider, LocaleServiceProvi
LocaleServiceProvider.setAvailableLocales(validLangs); LocaleServiceProvider.setAvailableLocales(validLangs);
LocaleServiceProvider.setDefaultLocale('en'); LocaleServiceProvider.setDefaultLocale('en');
}); });
// @TODO: extract global level functions into separate service(s) // @TODO: extract global level functions into separate service(s)