From 198fc1ced39f79ee47c18151b12dc532fa6831c5 Mon Sep 17 00:00:00 2001
From: Anthony Stirling <77850077+Frooodle@users.noreply.github.com.>
Date: Wed, 8 Jan 2025 16:58:32 +0000
Subject: [PATCH] csrf
---
src/main/resources/static/js/csrf.js | 35 +++++++++++++++++++
.../resources/templates/fragments/common.html | 1 +
2 files changed, 36 insertions(+)
create mode 100644 src/main/resources/static/js/csrf.js
diff --git a/src/main/resources/static/js/csrf.js b/src/main/resources/static/js/csrf.js
new file mode 100644
index 00000000..78790c4b
--- /dev/null
+++ b/src/main/resources/static/js/csrf.js
@@ -0,0 +1,35 @@
+document.addEventListener('DOMContentLoaded', function() {
+ // Get CSRF token from cookie
+ const getCsrfToken = () => {
+ return document.cookie
+ .split('; ')
+ .find(row => row.startsWith('XSRF-TOKEN='))
+ ?.split('=')[1];
+ };
+
+ // Function to decode the URI-encoded cookie value
+ const decodeCsrfToken = (token) => {
+ if (token) {
+ return decodeURIComponent(token);
+ }
+ return null;
+ };
+
+ // Find all forms and add CSRF token
+ const forms = document.querySelectorAll('form');
+ forms.forEach(form => {
+ // Remove any existing CSRF input fields
+ const existingCsrfInputs = form.querySelectorAll('input[name="_csrf"]');
+ existingCsrfInputs.forEach(input => input.remove());
+
+ // Create and add new CSRF input field
+ const csrfToken = decodeCsrfToken(getCsrfToken());
+ if (csrfToken) {
+ const csrfInput = document.createElement('input');
+ csrfInput.type = 'hidden';
+ csrfInput.name = '_csrf';
+ csrfInput.value = csrfToken;
+ form.appendChild(csrfInput);
+ }
+ });
+});
\ No newline at end of file
diff --git a/src/main/resources/templates/fragments/common.html b/src/main/resources/templates/fragments/common.html
index 1cd908a6..a6099f5a 100644
--- a/src/main/resources/templates/fragments/common.html
+++ b/src/main/resources/templates/fragments/common.html
@@ -73,6 +73,7 @@ +
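Review bot: The `forms.forEach` loop in csrf.js appends `_csrf` to every form without checking its method or action, so a GET form would carry the token in the URL (history, access logs, Referer) and a form posting to another origin would hand it to that origin. Whether such forms exist in the templates is not visible from this patch, but the injection should be limited to same-origin POST forms. In the same loop the existing `_csrf` inputs are removed before the cookie is checked, so when `XSRF-TOKEN` is absent a server-rendered token is deleted and nothing replaces it; reading the cookie once before the loop and returning early avoids that. A smaller point in `getCsrfToken`: `?.split('=')[1]` drops anything after a second `=` in the cookie value, while `?.slice('XSRF-TOKEN='.length)` keeps the value whole.

```javascript
  // … unchanged: getCsrfToken and decodeCsrfToken helpers …

  // Read the cookie once; with no token, leave server-rendered _csrf inputs alone
  const csrfToken = decodeCsrfToken(getCsrfToken());
  if (!csrfToken) {
    return;
  }

  document.querySelectorAll('form').forEach(form => {
    // Only same-origin POST submissions should carry the token
    const method = (form.getAttribute('method') || 'get').toLowerCase();
    const target = new URL(form.getAttribute('action') || '', document.baseURI);
    if (method !== 'post' || target.origin !== window.location.origin) {
      return;
    }
    // … unchanged: remove existing _csrf inputs, create and append the hidden input …
  });
```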