1 files changed, 19 insertions, 6 deletions

diff --git a/apps/files_trashbin/src/services/client.ts b/apps/files_trashbin/src/services/client.ts
index 9fb3361839a..e9ea06a9a5e 100644
--- a/apps/files_trashbin/src/services/client.ts
+++ b/apps/files_trashbin/src/services/client.ts
@@ -19,15 +19,28 @@
  * along with this program. If not, see <http://www.gnu.org/licenses/>.
  *
  */
+
 import { createClient } from 'webdav'
 import { generateRemoteUrl } from '@nextcloud/router'
-import { getCurrentUser, getRequestToken } from '@nextcloud/auth'
+import { getCurrentUser, getRequestToken, onRequestTokenUpdate } from '@nextcloud/auth'
 
+// init webdav client
 export const rootPath = `/trashbin/${getCurrentUser()?.uid}/trash`
 export const rootUrl = generateRemoteUrl('dav' + rootPath)
-const client = createClient(rootUrl, {
-	headers: {
-		requesttoken: getRequestToken(),
-	},
-})
+const client = createClient(rootUrl)
+
+// set CSRF token header
+const setHeaders = (token: string | null) => {
+  client.setHeaders({
+    // Add this so the server knows it is an request from the browser
+    'X-Requested-With': 'XMLHttpRequest',
+    // Inject user auth
+    requesttoken: token ?? '',
+  })
+}
+
+// refresh headers when request token changes
+onRequestTokenUpdate(setHeaders)
+setHeaders(getRequestToken())
+
 export default client