fix (iframe): cross domain iframe issue on safari
@ -6,6 +6,7 @@ export function http_get(url, type = "json", params) {
|
|||||||
xhr.open("GET", url, true);
|
xhr.open("GET", url, true);
|
||||||
xhr.withCredentials = true;
|
xhr.withCredentials = true;
|
||||||
xhr.setRequestHeader("X-Requested-With", "XmlHttpRequest");
|
xhr.setRequestHeader("X-Requested-With", "XmlHttpRequest");
|
||||||
|
if (window.BEARER_TOKEN) xhr.setRequestHeader("Authorization", `Bearer ${window.BEARER_TOKEN}`);
|
||||||
xhr.onerror = function() {
|
xhr.onerror = function() {
|
||||||
handle_error_response(xhr, err);
|
handle_error_response(xhr, err);
|
||||||
};
|
};
|
||||||
@ -51,6 +52,7 @@ export function http_post(url, data, type = "json", params) {
|
|||||||
xhr.open("POST", url, true);
|
xhr.open("POST", url, true);
|
||||||
xhr.withCredentials = true;
|
xhr.withCredentials = true;
|
||||||
xhr.setRequestHeader("X-Requested-With", "XmlHttpRequest");
|
xhr.setRequestHeader("X-Requested-With", "XmlHttpRequest");
|
||||||
|
if (window.BEARER_TOKEN) xhr.setRequestHeader("Authorization", `Bearer ${window.BEARER_TOKEN}`);
|
||||||
if (data && type === "json") {
|
if (data && type === "json") {
|
||||||
data = JSON.stringify(data);
|
data = JSON.stringify(data);
|
||||||
xhr.setRequestHeader("Content-Type", "application/json");
|
xhr.setRequestHeader("Content-Type", "application/json");
|
||||||
@ -70,6 +72,10 @@ export function http_post(url, data, type = "json", params) {
|
|||||||
handle_error_response(xhr, err);
|
handle_error_response(xhr, err);
|
||||||
return;
|
return;
|
||||||
}
|
}
|
||||||
|
|
||||||
|
const bearerToken = xhr.getResponseHeader("bearer");
|
||||||
|
if (bearerToken) window.BEARER_TOKEN = bearerToken;
|
||||||
|
|
||||||
try {
|
try {
|
||||||
const data = JSON.parse(xhr.responseText);
|
const data = JSON.parse(xhr.responseText);
|
||||||
if (data.status !== "ok") {
|
if (data.status !== "ok") {
|
||||||
@ -98,6 +104,7 @@ export function http_delete(url) {
|
|||||||
xhr.open("DELETE", url, true);
|
xhr.open("DELETE", url, true);
|
||||||
xhr.withCredentials = true;
|
xhr.withCredentials = true;
|
||||||
xhr.setRequestHeader("X-Requested-With", "XmlHttpRequest");
|
xhr.setRequestHeader("X-Requested-With", "XmlHttpRequest");
|
||||||
|
if (window.BEARER_TOKEN) xhr.setRequestHeader("Authorization", `Bearer ${window.BEARER_TOKEN}`);
|
||||||
xhr.onerror = function() {
|
xhr.onerror = function() {
|
||||||
handle_error_response(xhr, err);
|
handle_error_response(xhr, err);
|
||||||
};
|
};
|
||||||
@ -129,6 +136,7 @@ export function http_options(url) {
|
|||||||
xhr.open("OPTIONS", url, true);
|
xhr.open("OPTIONS", url, true);
|
||||||
xhr.withCredentials = true;
|
xhr.withCredentials = true;
|
||||||
xhr.setRequestHeader("X-Requested-With", "XmlHttpRequest");
|
xhr.setRequestHeader("X-Requested-With", "XmlHttpRequest");
|
||||||
|
if (window.BEARER_TOKEN) xhr.setRequestHeader("Authorization", `Bearer ${window.BEARER_TOKEN}`);
|
||||||
xhr.onerror = function() {
|
xhr.onerror = function() {
|
||||||
handle_error_response(xhr, err);
|
handle_error_response(xhr, err);
|
||||||
};
|
};
|
||||||
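Review bot: In the `http_post` hunk (`-70,6 +72,10`), whatever arrives in the `bearer` response header is copied into `window.BEARER_TOKEN`, a page-wide global that any script running in the document can read or overwrite; the login controller hunk stores `responseHeaders.bearer` the same way. If this value is the session credential (the server hunk sets it from a variable named `obfuscate`, assigned outside the visible lines), it is now reachable from script in a way an HttpOnly cookie would not be. Holding it in a module-scoped variable behind a small accessor, e.g. `let bearerToken = null; export const setBearerToken = (t) => { bearerToken = t; };`, narrows who can touch it. A comment saying the token exists only for the cross-domain iframe case would also help. The body of `http_post` continues outside the hunk.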
|
|||||||
@ -8,6 +8,7 @@ function LogoutPageComponent({ error, history }) {
|
|||||||
useEffect(() => {
|
useEffect(() => {
|
||||||
Session.logout().then((res) => {
|
Session.logout().then((res) => {
|
||||||
cache.destroy();
|
cache.destroy();
|
||||||
|
delete window.BEARER_TOKEN;
|
||||||
window.CONFIG["logout"] ?
|
window.CONFIG["logout"] ?
|
||||||
location.href = CONFIG["logout"] :
|
location.href = CONFIG["logout"] :
|
||||||
history.push("/");
|
history.push("/");
|
||||||
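Review bot: `delete window.BEARER_TOKEN;` runs only inside the `.then` callback, so when `Session.logout()` rejects, the token stays in memory and later requests will presumably still carry it in the `Authorization` header. The `rxjs.tap` added to the `deleteSession()` pipeline has the same shape, because it sits before `rxjs.catchError` and is skipped on error. Clearing the token on both outcomes closes that gap, for example by chaining `.finally(() => { delete window.BEARER_TOKEN; })` on the logout promise. The rest of the promise chain lies outside the hunk, so an existing rejection handler may already cover part of this.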
|
|||||||
@ -6,6 +6,7 @@ export default function(opts) {
|
|||||||
else if (typeof opts !== "object") throw new Error("unsupported call");
|
else if (typeof opts !== "object") throw new Error("unsupported call");
|
||||||
if (!opts.headers) opts.headers = {};
|
if (!opts.headers) opts.headers = {};
|
||||||
opts.headers["X-Requested-With"] = "XmlHttpRequest";
|
opts.headers["X-Requested-With"] = "XmlHttpRequest";
|
||||||
|
if (window.BEARER_TOKEN) opts.headers["Authorization"] = `Bearer ${window.BEARER_TOKEN}`;
|
||||||
return ajax({ withCredentials: true, ...opts, responseType: "text" }).pipe(
|
return ajax({ withCredentials: true, ...opts, responseType: "text" }).pipe(
|
||||||
rxjs.map((res) => {
|
rxjs.map((res) => {
|
||||||
const result = res.xhr.responseText;
|
const result = res.xhr.responseText;
|
||||||
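Review bot: The added line sets `opts.headers["Authorization"]` on every call regardless of where the request is going, and it replaces any `Authorization` value the caller supplied; the four XHR helpers (`http_get`, `http_post`, `http_delete`, `http_options`) attach the header in the same unconditional way. If any caller passes an absolute URL for another origin, the session token is sent to that origin. A same-origin guard keeps it scoped, e.g. `const sameOrigin = new URL(opts.url, location.href).origin === location.origin;` followed by ``if (sameOrigin && window.BEARER_TOKEN && !opts.headers["Authorization"]) opts.headers["Authorization"] = `Bearer ${window.BEARER_TOKEN}`;``. The function starts above the hunk, so the `opts.url` field is assumed from the `ajax(...)` call rather than seen.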
|
|||||||
@ -198,7 +198,8 @@ export default async function(render) {
|
|||||||
return rxjs.of(null).pipe(
|
return rxjs.of(null).pipe(
|
||||||
rxjs.tap(() => toggleLoader(true)),
|
rxjs.tap(() => toggleLoader(true)),
|
||||||
rxjs.mergeMap(() => createSession(formData)),
|
rxjs.mergeMap(() => createSession(formData)),
|
||||||
rxjs.tap(({ responseJSON }) => { // TODO
|
rxjs.tap(({ responseJSON, responseHeaders }) => {
|
||||||
|
if (responseHeaders.bearer) window.BEARER_TOKEN = responseHeaders.bearer; // fix https://support.apple.com/en-au/guide/safari/sfri40732/mac
|
||||||
let redirectURL = toHref("/files/");
|
let redirectURL = toHref("/files/");
|
||||||
const GET = getURLParams();
|
const GET = getURLParams();
|
||||||
if (GET["next"]) redirectURL = GET["next"];
|
if (GET["next"]) redirectURL = GET["next"];
|
||||||
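Review bot: The comment on the added line is only a link to Apple's Safari guide, and with the `// TODO` removed nothing explains why a response header is copied into a global. A short statement of the mechanism would help the next reader, for instance `// Safari may refuse the session cookie inside a cross-domain iframe, so the server also returns the token in the "bearer" header and we replay it as an Authorization header`. That wording is inferred from the commit title and the server-side hunk, so adjust it if the actual cause differs. The callback continues past the end of the hunk.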
|
|||||||
@ -12,7 +12,10 @@ export default function(render) {
|
|||||||
|
|
||||||
effect(deleteSession().pipe(
|
effect(deleteSession().pipe(
|
||||||
rxjs.mergeMap(setup_config),
|
rxjs.mergeMap(setup_config),
|
||||||
rxjs.tap(() => window.CONFIG["logout"] ? location.href = window.CONFIG["logout"] : navigate(toHref("/"))),
|
rxjs.tap(() => {
|
||||||
|
delete window.BEARER_TOKEN;
|
||||||
|
window.CONFIG["logout"] ? location.href = window.CONFIG["logout"] : navigate(toHref("/"))
|
||||||
|
}),
|
||||||
rxjs.catchError(ctrlError(render)),
|
rxjs.catchError(ctrlError(render)),
|
||||||
));
|
));
|
||||||
}
|
}
|
||||||
|
|||||||
@ -123,6 +123,9 @@ func SessionAuthenticate(ctx *App, res http.ResponseWriter, req *http.Request) {
|
|||||||
index++
|
index++
|
||||||
}
|
}
|
||||||
}
|
}
|
||||||
|
if Config.Get("features.protection.iframe").String() != "" {
|
||||||
|
res.Header().Set("bearer", obfuscate)
|
||||||
|
}
|
||||||
if home != "" {
|
if home != "" {
|
||||||
SendSuccessResult(res, home)
|
SendSuccessResult(res, home)
|
||||||
return
|
return
|
||||||
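Review bot: `res.Header().Set("bearer", obfuscate)` is emitted for every successful authentication whenever `features.protection.iframe` is non-empty, not only for requests that actually come from a framed Safari client, so the value becomes readable by page script for all users of such a deployment. `obfuscate` is assigned above the hunk; if it is the same value the session cookie carries, this sidesteps whatever HttpOnly protection that cookie has. Consider documenting the trade-off next to the config check and marking the response uncacheable, e.g. `res.Header().Set("Cache-Control", "no-store")`, so intermediaries do not retain a response that carries a credential. `SessionAuthenticate` continues outside the hunk.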
|
|||||||
@ -100,7 +100,6 @@ func Build(a App) *mux.Router {
|
|||||||
} else { // TODO: remove this after migration is done
|
} else { // TODO: remove this after migration is done
|
||||||
r.PathPrefix(WithBase("/assets")).Handler(http.HandlerFunc(NewMiddlewareChain(ServeFile("/"), middlewares, a))).Methods("GET")
|
r.PathPrefix(WithBase("/assets")).Handler(http.HandlerFunc(NewMiddlewareChain(ServeFile("/"), middlewares, a))).Methods("GET")
|
||||||
r.HandleFunc(WithBase("/favicon.ico"), NewMiddlewareChain(ServeFile("/assets/logo/"), middlewares, a)).Methods("GET")
|
r.HandleFunc(WithBase("/favicon.ico"), NewMiddlewareChain(ServeFile("/assets/logo/"), middlewares, a)).Methods("GET")
|
||||||
r.HandleFunc(WithBase("/sw_cache.js"), NewMiddlewareChain(ServeFile("/assets/worker/"), middlewares, a)).Methods("GET")
|
|
||||||
}
|
}
|
||||||
|
|
||||||
// Other endpoints
|
// Other endpoints
|
||||||
|
|||||||