diff options
| author | AAGaming <aa@mail.catvibers.me> | 2022-08-05 21:16:29 -0400 |
|---|---|---|
| committer | AAGaming <aa@mail.catvibers.me> | 2022-08-05 21:16:29 -0400 |
| commit | f21d34506d0fd09d5849fcee552447cdfbf4802f (patch) | |
| tree | fa7475021d12d54f5edb74489b9ecf81a16bd639 /frontend/src/components/store/Store.tsx | |
| parent | ab6ec981604a32611d972ede634abe7ccd19b0d2 (diff) | |
| download | decky-loader-f21d34506d0fd09d5849fcee552447cdfbf4802f.tar.gz decky-loader-f21d34506d0fd09d5849fcee552447cdfbf4802f.zip | |
Implement CSRF protection
Diffstat (limited to 'frontend/src/components/store/Store.tsx')
| -rw-r--r-- | frontend/src/components/store/Store.tsx | 28 |
1 files changed, 26 insertions, 2 deletions
diff --git a/frontend/src/components/store/Store.tsx b/frontend/src/components/store/Store.tsx index fc95fcd5..86318fd5 100644 --- a/frontend/src/components/store/Store.tsx +++ b/frontend/src/components/store/Store.tsx @@ -35,6 +35,10 @@ export async function installFromURL(url: string) { await fetch('http://localhost:1337/browser/install_plugin', { method: 'POST', body: formData, + credentials: 'include', + headers: { + Authentication: window.deckyAuthToken, + }, }); } @@ -50,6 +54,10 @@ export function requestLegacyPluginInstall(plugin: LegacyStorePlugin, selectedVe fetch('http://localhost:1337/browser/install_plugin', { method: 'POST', body: formData, + credentials: 'include', + headers: { + Authentication: window.deckyAuthToken, + }, }); }} onCancel={() => { @@ -75,6 +83,10 @@ export async function requestPluginInstall(plugin: StorePlugin, selectedVer: Sto await fetch('http://localhost:1337/browser/install_plugin', { method: 'POST', body: formData, + credentials: 'include', + headers: { + Authentication: window.deckyAuthToken, + }, }); } @@ -84,12 +96,24 @@ const StorePage: FC<{}> = () => { useEffect(() => { (async () => { - const res = await fetch('https://beta.deckbrew.xyz/plugins', { method: 'GET' }).then((r) => r.json()); + const res = await fetch('https://beta.deckbrew.xyz/plugins', { + method: 'GET', + credentials: 'include', + headers: { + Authentication: window.deckyAuthToken, + }, + }).then((r) => r.json()); console.log(res); setData(res.filter((x: StorePlugin) => x.name !== 'Example Plugin')); })(); (async () => { - const res = await fetch('https://plugins.deckbrew.xyz/get_plugins', { method: 'GET' }).then((r) => r.json()); + const res = await fetch('https://plugins.deckbrew.xyz/get_plugins', { + method: 'GET', + credentials: 'include', + headers: { + Authentication: window.deckyAuthToken, + }, + }).then((r) => r.json()); console.log(res); setLegacyData(res); })(); |