Merge branch 'main' into refactor-fix-non-strict-and-non-explicit-rel…

…ationships
eclipse-pass · Jun 27, 2024 · d6bf20e · d6bf20e
2 parents c52502b + cd2ef74
commit d6bf20e
Show file tree

Hide file tree

Showing 6 changed files with 21 additions and 5 deletions.
diff --git a/app/adapters/application.js b/app/adapters/application.js
@@ -11,9 +11,12 @@ export default class ApplicationAdapter extends JSONAPIAdapter {
 
   namespace = ENV.passApi.namespace;
 
-  headers = {
-    withCredentials: true,
-  };
+  get headers() {
+    return {
+      withCredentials: true,
+      'X-XSRF-TOKEN': document.cookie.match(/XSRF-TOKEN\=([^;]*)/)['1'],
+    };
+  }
 
   // Camel case instead of pluralize model types for our API
   pathForType(type) {

diff --git a/app/adapters/file.js b/app/adapters/file.js
@@ -22,6 +22,10 @@ export default class FileAdapter extends ApplicationAdapter {
     }
     return fetch(url, {
       method: 'DELETE',
+      credentials: 'same-origin',
+      headers: {
+        'X-XSRF-TOKEN': document.cookie.match(/XSRF-TOKEN\=([^;]*)/)['1'],
+      },
     }).then((response) => {
       if (!response.ok) {
         throw new Error('Delete request to the file service failed');

diff --git a/app/components/workflow-files/index.js b/app/components/workflow-files/index.js
@@ -97,7 +97,12 @@ export default class WorkflowFiles extends Component {
   @action
   async uploadFile(FileUpload) {
     try {
-      const response = await FileUpload.upload(ENV.fileServicePath);
+      const response = await FileUpload.upload(ENV.fileServicePath, {
+        withCredentials: true,
+        headers: {
+          'X-XSRF-TOKEN': document.cookie.match(/XSRF-TOKEN\=([^;]*)/)['1'],
+        },
+      });
 
       const file = await response.json();
 

diff --git a/app/services/doi.js b/app/services/doi.js
@@ -32,6 +32,7 @@ export default class DoiService extends Service {
       headers: {
         Accept: 'application/json; charset=utf-8',
         withCredentials: 'include',
+        'X-XSRF-TOKEN': document.cookie.match(/XSRF-TOKEN\=([^;]*)/)['1'],
       },
     });
 

diff --git a/package.json b/package.json
@@ -1,6 +1,6 @@
 {
   "name": "pass-ui",
-  "version": "1.7.0-SNAPSHOT",
+  "version": "1.8.0-SNAPSHOT",
   "private": true,
   "description": "The user interface for the eclipse-pass project",
   "license": "MIT",

diff --git a/tests/test-helper.js b/tests/test-helper.js
@@ -15,3 +15,6 @@ setupSinon();
 setup(QUnit.assert);
 
 start();
+
+// Set a fake CSRF token
+document.cookie = 'XSRF-TOKEN=moo';