summaryrefslogtreecommitdiffstats
path: root/apps/dav
diff options
context:
space:
mode:
authorVarun Patil <varunpatil@ucla.edu>2024-05-29 15:17:49 -0700
committerChristopher Ng <chrng8@gmail.com>2024-05-31 15:38:45 -0700
commit39ddfb07b59fba74d00a49194bdb16b521d01e6a (patch)
tree17329f3080a0a47056456c7817210e0d8fa3b687 /apps/dav
parent0f90cc97ca653a16f19769ba6d5c31a68196d136 (diff)
downloadnextcloud-server-39ddfb07b59fba74d00a49194bdb16b521d01e6a.tar.gz
nextcloud-server-39ddfb07b59fba74d00a49194bdb16b521d01e6a.zip
fix(dav): multiple fixes in usage of webdav library
1. Refresh token on update 2. Fix some very weird imports 3. Patch fetch instead of request to prevent accessing impl details Signed-off-by: Varun Patil <varunpatil@ucla.edu>
Diffstat (limited to 'apps/dav')
-rw-r--r--apps/dav/src/dav/client.js30
1 files changed, 19 insertions, 11 deletions
diff --git a/apps/dav/src/dav/client.js b/apps/dav/src/dav/client.js
index b053e585ce8..d6fe3d2680a 100644
--- a/apps/dav/src/dav/client.js
+++ b/apps/dav/src/dav/client.js
@@ -19,21 +19,29 @@
* along with this program. If not, see <http://www.gnu.org/licenses/>.
*/
-import * as webdav from 'webdav'
-import axios from '@nextcloud/axios'
+import { createClient } from 'webdav'
import memoize from 'lodash/fp/memoize.js'
import { generateRemoteUrl } from '@nextcloud/router'
-import { getCurrentUser } from '@nextcloud/auth'
+import { getCurrentUser, getRequestToken, onRequestTokenUpdate } from '@nextcloud/auth'
export const getClient = memoize((service) => {
- // Add this so the server knows it is an request from the browser
- axios.defaults.headers['X-Requested-With'] = 'XMLHttpRequest'
+ // init webdav client
+ const remote = generateRemoteUrl(`dav/${service}/${getCurrentUser().uid}`)
+ const client = createClient(remote)
- // force our axios
- const patcher = webdav.getPatcher()
- patcher.patch('request', axios)
+ // set CSRF token header
+ const setHeaders = (token) => {
+ client.setHeaders({
+ // Add this so the server knows it is an request from the browser
+ 'X-Requested-With': 'XMLHttpRequest',
+ // Inject user auth
+ requesttoken: token ?? '',
+ })
+ }
- return webdav.createClient(
- generateRemoteUrl(`dav/${service}/${getCurrentUser().uid}`)
- )
+ // refresh headers when request token changes
+ onRequestTokenUpdate(setHeaders)
+ setHeaders(getRequestToken())
+
+ return client;
})