Implement CSRF protection

author: AAGaming <aa@mail.catvibers.me> 2022-08-05 21:16:29 -0400
committer: AAGaming <aa@mail.catvibers.me> 2022-08-05 21:16:29 -0400
commit: f21d34506d0fd09d5849fcee552447cdfbf4802f (patch)
tree: fa7475021d12d54f5edb74489b9ecf81a16bd639 /frontend/src/components/store/Store.tsx
parent: ab6ec981604a32611d972ede634abe7ccd19b0d2 (diff)
download: decky-loader-f21d34506d0fd09d5849fcee552447cdfbf4802f.tar.gz
decky-loader-f21d34506d0fd09d5849fcee552447cdfbf4802f.zip
1 files changed, 26 insertions, 2 deletions
diff --git a/frontend/src/components/store/Store.tsx b/frontend/src/components/store/Store.tsx
index fc95fcd5..86318fd5 100644
--- a/frontend/src/components/store/Store.tsx
+++ b/frontend/src/components/store/Store.tsx
@@ -35,6 +35,10 @@ export async function installFromURL(url: string) {
   await fetch('http://localhost:1337/browser/install_plugin', {
     method: 'POST',
     body: formData,
+    credentials: 'include',
+    headers: {
+      Authentication: window.deckyAuthToken,
+    },
   });
 }
 
@@ -50,6 +54,10 @@ export function requestLegacyPluginInstall(plugin: LegacyStorePlugin, selectedVe
         fetch('http://localhost:1337/browser/install_plugin', {
           method: 'POST',
           body: formData,
+          credentials: 'include',
+          headers: {
+            Authentication: window.deckyAuthToken,
+          },
         });
       }}
       onCancel={() => {
@@ -75,6 +83,10 @@ export async function requestPluginInstall(plugin: StorePlugin, selectedVer: Sto
   await fetch('http://localhost:1337/browser/install_plugin', {
     method: 'POST',
     body: formData,
+    credentials: 'include',
+    headers: {
+      Authentication: window.deckyAuthToken,
+    },
   });
 }
 
@@ -84,12 +96,24 @@ const StorePage: FC<{}> = () => {
 
   useEffect(() => {
     (async () => {
-      const res = await fetch('https://beta.deckbrew.xyz/plugins', { method: 'GET' }).then((r) => r.json());
+      const res = await fetch('https://beta.deckbrew.xyz/plugins', {
+        method: 'GET',
+        credentials: 'include',
+        headers: {
+          Authentication: window.deckyAuthToken,
+        },
+      }).then((r) => r.json());
       console.log(res);
       setData(res.filter((x: StorePlugin) => x.name !== 'Example Plugin'));
     })();
     (async () => {
-      const res = await fetch('https://plugins.deckbrew.xyz/get_plugins', { method: 'GET' }).then((r) => r.json());
+      const res = await fetch('https://plugins.deckbrew.xyz/get_plugins', {
+        method: 'GET',
+        credentials: 'include',
+        headers: {
+          Authentication: window.deckyAuthToken,
+        },
+      }).then((r) => r.json());
       console.log(res);
       setLegacyData(res);
     })();
author	AAGaming <aa@mail.catvibers.me>	2022-08-05 21:16:29 -0400
committer	AAGaming <aa@mail.catvibers.me>	2022-08-05 21:16:29 -0400
commit	f21d34506d0fd09d5849fcee552447cdfbf4802f (patch)
tree	fa7475021d12d54f5edb74489b9ecf81a16bd639 /frontend/src/components/store/Store.tsx
parent	ab6ec981604a32611d972ede634abe7ccd19b0d2 (diff)
download	decky-loader-f21d34506d0fd09d5849fcee552447cdfbf4802f.tar.gz decky-loader-f21d34506d0fd09d5849fcee552447cdfbf4802f.zip