Feature/save signs (#2127)

* apply fix * Fixes empty th:action * Update build.gradle * fix * formatting * Save signatures * Fix code scanning alert no. 42: Uncontrolled data used in path expression Co-authored-by: Copilot Autofix powered by AI <62310815+github-advanced-security[bot]@users.noreply.github.com> * fix UserServiceInterface * Merge branch 'feature/saveSigns' of git@github.com:Stirling-Tools/Stirling-PDF.git into feature/saveSigns * 0.31.0 bump and further csrf * formatting * preview name * add * sign doc * Update translation files (#2128) Signed-off-by: GitHub Action <action@github.com> Co-authored-by: GitHub Action <action@github.com> --------- Signed-off-by: GitHub Action <action@github.com> Co-authored-by: Dimitrios Kaitantzidis <james_k23@hotmail.gr> Co-authored-by: Copilot Autofix powered by AI <62310815+github-advanced-security[bot]@users.noreply.github.com> Co-authored-by: a <a> Co-authored-by: github-actions[bot] <41898282+github-actions[bot]@users.noreply.github.com> Co-authored-by: GitHub Action <action@github.com>
2024-10-30 12:46:44 +00:00
parent ed75fa4e1b
commit 27d2681a97
56 changed files with 741 additions and 44 deletions
--- a/src/main/resources/static/js/fetch-utils.js
+++ b/src/main/resources/static/js/fetch-utils.js
@@ -0,0 +1,29 @@
+window.fetchWithCsrf = async function(url, options = {}) {
+    function getCsrfToken() {
+        const cookieValue = document.cookie
+            .split('; ')
+            .find(row => row.startsWith('XSRF-TOKEN='))
+            ?.split('=')[1];
+        
+        if (cookieValue) {
+            return cookieValue;
+        }
+        
+        const csrfElement = document.querySelector('input[name="_csrf"]');
+        return csrfElement ? csrfElement.value : null;
+    }
+
+    // Create a new options object to avoid modifying the passed object
+    const fetchOptions = { ...options };
+    
+    // Ensure headers object exists
+    fetchOptions.headers = { ...options.headers };
+    
+    // Add CSRF token if available
+    const csrfToken = getCsrfToken();
+    if (csrfToken) {
+        fetchOptions.headers['X-XSRF-TOKEN'] = csrfToken;
+    }
+
+    return fetch(url, fetchOptions);
+}
--- a/src/main/resources/static/js/pipeline.js
+++ b/src/main/resources/static/js/pipeline.js
@@ -119,7 +119,7 @@ document.getElementById("submitConfigBtn").addEventListener("click", function ()
  formData.append("json", pipelineConfigJson);
  console.log("formData", formData);

-  fetch("api/v1/pipeline/handleData", {
+  fetchWithCsrf("api/v1/pipeline/handleData", {
    method: "POST",
    body: formData,
  })
@@ -154,7 +154,7 @@ let apiDocs = {};
 let apiSchemas = {};
 let operationSettings = {};

-fetch("v1/api-docs")
+fetchWithCsrf("v1/api-docs")
  .then((response) => response.json())
  .then((data) => {
    apiDocs = data.paths;