mirror of
https://github.com/thomiceli/opengist.git
synced 2024-12-22 12:32:40 +00:00
Fix Markdown preview (#368)
This commit is contained in:
parent
97b9fa1100
commit
d537153785
4 changed files with 11 additions and 6 deletions
|
@ -37,7 +37,7 @@ var CmdStart = cli.Command{
|
|||
|
||||
Initialize(ctx)
|
||||
|
||||
go web.NewServer(os.Getenv("OG_DEV") == "1", path.Join(config.GetHomeDir(), "sessions")).Start()
|
||||
go web.NewServer(os.Getenv("OG_DEV") == "1", path.Join(config.GetHomeDir(), "sessions"), false).Start()
|
||||
go ssh.Start()
|
||||
|
||||
<-stopCtx.Done()
|
||||
|
|
|
@ -164,7 +164,7 @@ type Server struct {
|
|||
dev bool
|
||||
}
|
||||
|
||||
func NewServer(isDev bool, sessionsPath string) *Server {
|
||||
func NewServer(isDev bool, sessionsPath string, ignoreCsrf bool) *Server {
|
||||
dev = isDev
|
||||
flashStore = sessions.NewCookieStore([]byte("opengist"))
|
||||
encryptKey, _ := utils.GenerateSecretKey(filepath.Join(sessionsPath, "session-encrypt.key"))
|
||||
|
@ -245,15 +245,16 @@ func NewServer(isDev bool, sessionsPath string) *Server {
|
|||
// Web based routes
|
||||
g1 := e.Group("")
|
||||
{
|
||||
if !dev {
|
||||
if !ignoreCsrf {
|
||||
g1.Use(middleware.CSRFWithConfig(middleware.CSRFConfig{
|
||||
TokenLookup: "form:_csrf,header:X-CSRF-Token",
|
||||
CookiePath: "/",
|
||||
CookieHTTPOnly: true,
|
||||
CookieSameSite: http.SameSiteStrictMode,
|
||||
}))
|
||||
g1.Use(csrfInit)
|
||||
}
|
||||
g1.Use(csrfInit)
|
||||
|
||||
g1.GET("/", create, logged)
|
||||
g1.POST("/", processCreate, logged)
|
||||
g1.POST("/preview", preview, logged)
|
||||
|
|
|
@ -33,7 +33,7 @@ type testServer struct {
|
|||
|
||||
func newTestServer() (*testServer, error) {
|
||||
s := &testServer{
|
||||
server: web.NewServer(true, path.Join(config.GetHomeDir(), "tmp", "sessions")),
|
||||
server: web.NewServer(true, path.Join(config.GetHomeDir(), "tmp", "sessions"), true),
|
||||
}
|
||||
|
||||
go s.start()
|
||||
|
|
|
@ -73,10 +73,14 @@ document.addEventListener("DOMContentLoaded", () => {
|
|||
} else {
|
||||
const formData = new FormData();
|
||||
formData.append('content', editor.state.doc.toString());
|
||||
let csrf = document.querySelector<HTMLInputElement>('form#create input[name="_csrf"]').value
|
||||
fetch(`${baseUrl}/preview`, {
|
||||
method: 'POST',
|
||||
credentials: 'same-origin',
|
||||
body: formData
|
||||
body: formData,
|
||||
headers: {
|
||||
'X-CSRF-Token': csrf
|
||||
}
|
||||
}).then(r => r.text()).then(r => {
|
||||
let divpreview = dom.querySelector("div.preview") as HTMLElement;
|
||||
divpreview!.innerHTML = r;
|
||||
|
|
Loading…
Reference in a new issue