rdelaage
/
miniflux-v2
mirror of https://github.com/miniflux/v2.git
1
0
Fork 0
Code Issues Packages Projects Releases Wiki Activity

Remove invalid CSRF HTML meta tag

This commit is contained in:
Frédéric Guillot 2021-05-31 13:44:34 -07:00 committed by fguillot
parent 1fd4c4ef13
commit 09be3d2bac
3 changed files with 7 additions and 10 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

4
template/functions.go
View File

@ -75,7 +75,7 @@ func (f *funcMap) Map() template.FuncMap {
"contains": func(str, substr string) bool {
return strings.Contains(str, substr)
},
"replace": func(str, old string, new string) string {
"replace": func(str, old, new string) string {
return strings.Replace(str, old, new, 1)
},
"isodate": func(ts time.Time) string {
@ -86,7 +86,7 @@ func (f *funcMap) Map() template.FuncMap {
},
"icon": func(iconName string) template.HTML {
return template.HTML(fmt.Sprintf(
`<svg class="icon" aria-hidden="true"><use xlink:href="%s#icon-%s"></svg>`,
`<svg class="icon" aria-hidden="true"><use xlink:href="%s#icon-%s"/></svg>`,
route.Path(f.router, "appIcon", "filename", "sprite.svg"),
iconName,
))

9
template/templates/common/layout.html
View File

@ -29,20 +29,17 @@
<link rel="apple-touch-icon" sizes="167x167" href="{{ route "appIcon" "filename" "icon-167.png" }}">
<link rel="apple-touch-icon" sizes="180x180" href="{{ route "appIcon" "filename" "icon-180.png" }}">
{{ if .csrf }}
<meta name="X-CSRF-Token" value="{{ .csrf }}">
{{ end }}
<meta name="theme-color" content="{{ theme_color .theme }}">
<link rel="stylesheet" type="text/css" href="{{ route "stylesheet" "name" .theme }}?{{ .theme_checksum }}">
{{ if and .user .user.Stylesheet }}
<link rel="stylesheet" type="text/css" href="{{ route "stylesheet" "name" "custom_css" }}?{{ rand }}">
{{ end }}
<script type="text/javascript" src="{{ route "javascript" "name" "app" }}?{{ .app_js_checksum }}" defer></script>
<script type="text/javascript" src="{{ route "javascript" "name" "service-worker" }}?{{ .sw_js_checksum }}" defer id="service-worker-script"></script>
<script src="{{ route "javascript" "name" "app" }}?{{ .app_js_checksum }}" defer></script>
<script src="{{ route "javascript" "name" "service-worker" }}?{{ .sw_js_checksum }}" defer id="service-worker-script"></script>
</head>
<body
{{ if .csrf }}data-csrf-token="{{ .csrf }}"{{ end }}
data-entries-status-url="{{ route "updateEntriesStatus" }}"
data-refresh-all-feeds-url="{{ route "refreshAllFeeds" }}"
{{ if .user }}{{ if not .user.KeyboardShortcuts }}data-disable-keyboard-shortcuts="true"{{ end }}{{ end }}>

4
ui/static/js/request_builder.js
View File

@ -30,9 +30,9 @@ class RequestBuilder {
}
getCsrfToken() {
let element = document.querySelector("meta[name=X-CSRF-Token]");
let element = document.querySelector("body[data-csrf-token");
if (element !== null) {
return element.getAttribute("value");
return element.dataset.csrfToken;
}
return "";