mirror of
https://github.com/thomiceli/opengist.git
synced 2025-01-08 17:42:40 +00:00
Fix Markdown preview (#368)
This commit is contained in:
parent
97b9fa1100
commit
d537153785
4 changed files with 11 additions and 6 deletions
|
@ -37,7 +37,7 @@ var CmdStart = cli.Command{
|
||||||
|
|
||||||
Initialize(ctx)
|
Initialize(ctx)
|
||||||
|
|
||||||
go web.NewServer(os.Getenv("OG_DEV") == "1", path.Join(config.GetHomeDir(), "sessions")).Start()
|
go web.NewServer(os.Getenv("OG_DEV") == "1", path.Join(config.GetHomeDir(), "sessions"), false).Start()
|
||||||
go ssh.Start()
|
go ssh.Start()
|
||||||
|
|
||||||
<-stopCtx.Done()
|
<-stopCtx.Done()
|
||||||
|
|
|
@ -164,7 +164,7 @@ type Server struct {
|
||||||
dev bool
|
dev bool
|
||||||
}
|
}
|
||||||
|
|
||||||
func NewServer(isDev bool, sessionsPath string) *Server {
|
func NewServer(isDev bool, sessionsPath string, ignoreCsrf bool) *Server {
|
||||||
dev = isDev
|
dev = isDev
|
||||||
flashStore = sessions.NewCookieStore([]byte("opengist"))
|
flashStore = sessions.NewCookieStore([]byte("opengist"))
|
||||||
encryptKey, _ := utils.GenerateSecretKey(filepath.Join(sessionsPath, "session-encrypt.key"))
|
encryptKey, _ := utils.GenerateSecretKey(filepath.Join(sessionsPath, "session-encrypt.key"))
|
||||||
|
@ -245,15 +245,16 @@ func NewServer(isDev bool, sessionsPath string) *Server {
|
||||||
// Web based routes
|
// Web based routes
|
||||||
g1 := e.Group("")
|
g1 := e.Group("")
|
||||||
{
|
{
|
||||||
if !dev {
|
if !ignoreCsrf {
|
||||||
g1.Use(middleware.CSRFWithConfig(middleware.CSRFConfig{
|
g1.Use(middleware.CSRFWithConfig(middleware.CSRFConfig{
|
||||||
TokenLookup: "form:_csrf,header:X-CSRF-Token",
|
TokenLookup: "form:_csrf,header:X-CSRF-Token",
|
||||||
CookiePath: "/",
|
CookiePath: "/",
|
||||||
CookieHTTPOnly: true,
|
CookieHTTPOnly: true,
|
||||||
CookieSameSite: http.SameSiteStrictMode,
|
CookieSameSite: http.SameSiteStrictMode,
|
||||||
}))
|
}))
|
||||||
|
g1.Use(csrfInit)
|
||||||
}
|
}
|
||||||
g1.Use(csrfInit)
|
|
||||||
g1.GET("/", create, logged)
|
g1.GET("/", create, logged)
|
||||||
g1.POST("/", processCreate, logged)
|
g1.POST("/", processCreate, logged)
|
||||||
g1.POST("/preview", preview, logged)
|
g1.POST("/preview", preview, logged)
|
||||||
|
|
|
@ -33,7 +33,7 @@ type testServer struct {
|
||||||
|
|
||||||
func newTestServer() (*testServer, error) {
|
func newTestServer() (*testServer, error) {
|
||||||
s := &testServer{
|
s := &testServer{
|
||||||
server: web.NewServer(true, path.Join(config.GetHomeDir(), "tmp", "sessions")),
|
server: web.NewServer(true, path.Join(config.GetHomeDir(), "tmp", "sessions"), true),
|
||||||
}
|
}
|
||||||
|
|
||||||
go s.start()
|
go s.start()
|
||||||
|
|
|
@ -73,10 +73,14 @@ document.addEventListener("DOMContentLoaded", () => {
|
||||||
} else {
|
} else {
|
||||||
const formData = new FormData();
|
const formData = new FormData();
|
||||||
formData.append('content', editor.state.doc.toString());
|
formData.append('content', editor.state.doc.toString());
|
||||||
|
let csrf = document.querySelector<HTMLInputElement>('form#create input[name="_csrf"]').value
|
||||||
fetch(`${baseUrl}/preview`, {
|
fetch(`${baseUrl}/preview`, {
|
||||||
method: 'POST',
|
method: 'POST',
|
||||||
credentials: 'same-origin',
|
credentials: 'same-origin',
|
||||||
body: formData
|
body: formData,
|
||||||
|
headers: {
|
||||||
|
'X-CSRF-Token': csrf
|
||||||
|
}
|
||||||
}).then(r => r.text()).then(r => {
|
}).then(r => r.text()).then(r => {
|
||||||
let divpreview = dom.querySelector("div.preview") as HTMLElement;
|
let divpreview = dom.querySelector("div.preview") as HTMLElement;
|
||||||
divpreview!.innerHTML = r;
|
divpreview!.innerHTML = r;
|
||||||
|
|
Loading…
Reference in a new issue