Browse Source
fix: force uploads to use auth headers instead of cookie
pull/4941/head
NGPixel
3 years ago
No known key found for this signature in database
GPG Key ID: 8FDA2F1757F60D63
2 changed files with
17 additions and
1 deletions
-
client/components/editor/editor-modal-media.vue
-
server/helpers/security.js
|
|
|
@ -143,7 +143,7 @@ |
|
|
|
allow-multiple='true' |
|
|
|
:files='files' |
|
|
|
max-files='10' |
|
|
|
server='/u' |
|
|
|
:server='filePondServerOpts' |
|
|
|
:instant-upload='false' |
|
|
|
:allow-revert='false' |
|
|
|
@processfile='onFileProcessed' |
|
|
|
@ -230,6 +230,7 @@ |
|
|
|
<script> |
|
|
|
import _ from 'lodash' |
|
|
|
import { get, sync } from 'vuex-pathify' |
|
|
|
import Cookies from 'js-cookie' |
|
|
|
import vueFilePond from 'vue-filepond' |
|
|
|
import 'filepond/dist/filepond.min.css' |
|
|
|
|
|
|
|
@ -312,6 +313,17 @@ export default { |
|
|
|
}, |
|
|
|
currentAsset () { |
|
|
|
return _.find(this.assets, ['id', this.currentFileId]) || {} |
|
|
|
}, |
|
|
|
filePondServerOpts () { |
|
|
|
const jwtToken = Cookies.get('jwt') |
|
|
|
return { |
|
|
|
process: { |
|
|
|
url: '/u', |
|
|
|
headers: { |
|
|
|
'Authorization': `Bearer ${jwtToken}` |
|
|
|
} |
|
|
|
} |
|
|
|
} |
|
|
|
} |
|
|
|
}, |
|
|
|
watch: { |
|
|
|
|
|
|
|
@ -31,6 +31,10 @@ module.exports = { |
|
|
|
if (req && req.cookies) { |
|
|
|
token = req.cookies['jwt'] |
|
|
|
} |
|
|
|
// Force uploads to use Auth headers
|
|
|
|
if (req.path === '/u') { |
|
|
|
return null |
|
|
|
} |
|
|
|
return token |
|
|
|
} |
|
|
|
]) |
|
|
|
|
