Reintroduce CSRF token check into getMe

Reintroduces CSRF cookie check in `getMe` API call
MuckRock · Jan 26, 2024 · 733c9cc · 733c9cc
1 parent d301acd
commit 733c9cc
Showing 1 changed file with 4 additions and 1 deletion.
diff --git a/src/api/orgAndUser.js b/src/api/orgAndUser.js
@@ -1,10 +1,13 @@
-import session from "./session.js";
+import session, { cookiesEnabled, getCsrfToken } from "./session.js";
 import { USER_EXPAND, ORG_EXPAND, DEFAULT_EXPAND } from "./common.js";
 import { queryBuilder } from "@/util/url.js";
 import { grabAllPages } from "@/util/paginate.js";
 import { apiUrl } from "./base.js";
 
 export async function getMe(expand = DEFAULT_EXPAND) {
+  // Check that the user is logged in via cookies
+  if (cookiesEnabled && !getCsrfToken()) return null;
+  // Check that the user is logged in via network request
   const { status, data } = await session.get(
     queryBuilder(apiUrl(`users/me/`), { expand }),
   );