diff options
author | Varun Patil <varunpatil@ucla.edu> | 2024-05-29 15:17:49 -0700 |
---|---|---|
committer | Christopher Ng <chrng8@gmail.com> | 2024-05-31 15:38:45 -0700 |
commit | 39ddfb07b59fba74d00a49194bdb16b521d01e6a (patch) | |
tree | 17329f3080a0a47056456c7817210e0d8fa3b687 /apps/dav | |
parent | 0f90cc97ca653a16f19769ba6d5c31a68196d136 (diff) | |
download | nextcloud-server-39ddfb07b59fba74d00a49194bdb16b521d01e6a.tar.gz nextcloud-server-39ddfb07b59fba74d00a49194bdb16b521d01e6a.zip |
fix(dav): multiple fixes in usage of webdav library
1. Refresh token on update
2. Fix some very weird imports
3. Patch fetch instead of request to prevent accessing impl details
Signed-off-by: Varun Patil <varunpatil@ucla.edu>
Diffstat (limited to 'apps/dav')
-rw-r--r-- | apps/dav/src/dav/client.js | 30 |
1 files changed, 19 insertions, 11 deletions
diff --git a/apps/dav/src/dav/client.js b/apps/dav/src/dav/client.js index b053e585ce8..d6fe3d2680a 100644 --- a/apps/dav/src/dav/client.js +++ b/apps/dav/src/dav/client.js @@ -19,21 +19,29 @@ * along with this program. If not, see <http://www.gnu.org/licenses/>. */ -import * as webdav from 'webdav' -import axios from '@nextcloud/axios' +import { createClient } from 'webdav' import memoize from 'lodash/fp/memoize.js' import { generateRemoteUrl } from '@nextcloud/router' -import { getCurrentUser } from '@nextcloud/auth' +import { getCurrentUser, getRequestToken, onRequestTokenUpdate } from '@nextcloud/auth' export const getClient = memoize((service) => { - // Add this so the server knows it is an request from the browser - axios.defaults.headers['X-Requested-With'] = 'XMLHttpRequest' + // init webdav client + const remote = generateRemoteUrl(`dav/${service}/${getCurrentUser().uid}`) + const client = createClient(remote) - // force our axios - const patcher = webdav.getPatcher() - patcher.patch('request', axios) + // set CSRF token header + const setHeaders = (token) => { + client.setHeaders({ + // Add this so the server knows it is an request from the browser + 'X-Requested-With': 'XMLHttpRequest', + // Inject user auth + requesttoken: token ?? '', + }) + } - return webdav.createClient( - generateRemoteUrl(`dav/${service}/${getCurrentUser().uid}`) - ) + // refresh headers when request token changes + onRequestTokenUpdate(setHeaders) + setHeaders(getRequestToken()) + + return client; }) |