csrf fix for account

2025-01-08 18:27:13 +00:00
parent e49ca245e5
commit f879f5d533
1 changed files with 32 additions and 22 deletions
--- a/src/main/resources/templates/account.html
+++ b/src/main/resources/templates/account.html
@@ -267,7 +267,7 @@
              </div>
              <script th:inline="javascript">
-                document.addEventListener("DOMContentLoaded", function() {
+                document.addEventListener("DOMContentLoaded", async function() {
                  const settingsTableBody = document.querySelector("#settingsTable tbody");
                  /*<![CDATA[*/
@@ -306,28 +306,38 @@
                    location.reload();  // Refresh the page after sync
                  });
-                  document.getElementById('syncToAccount').addEventListener('click', function() {
+                  document.getElementById('syncToAccount').addEventListener('click', async  function() {
                    /*<![CDATA[*/
-                    const urlUpdateUserSettings = /*[[@{/api/v1/user/updateUserSettings}]]*/ "/api/v1/user/updateUserSettings";
+			        const urlUpdateUserSettings = /*[[@{/api/v1/user/updateUserSettings}]]*/ "/api/v1/user/updateUserSettings";
-                    /*]]>*/
+			        /*]]>*/
-                    let form = document.createElement("form");
+			        
-                    form.method = "POST";
+			        let settings = {};
-                    form.action = urlUpdateUserSettings;  // Your endpoint URL
+			        for (let i = 0; i < localStorage.length; i++) {
-
+			          const key = localStorage.key(i);
-                    for (let i = 0; i < localStorage.length; i++) {
+			          if(key !== 'debug' && key !== '0' && key !== '1' && !key.includes('pdfjs') && !key.includes('posthog') && !key.includes('pageViews')) {
-                      const key = localStorage.key(i);
+			            settings[key] = localStorage.getItem(key);
-                      if(key !== 'debug' && key !== '0' && key !== '1' && !key.includes('pdfjs') && !key.includes('posthog') && !key.includes('pageViews')) { // Only send non-ignored keys
+			          }
-                        let hiddenField = document.createElement("input");
+			        }
-                        hiddenField.type = "hidden";
+			
-                        hiddenField.name = key;
+			        try {
-                        hiddenField.value = localStorage.getItem(key);
+			          const response = await window.fetchWithCsrf(urlUpdateUserSettings, {
-                        form.appendChild(hiddenField);
+			            method: 'POST',
-                      }
+			            headers: {
-                    }
+			              'Content-Type': 'application/json',
-
+			            },
-                    document.body.appendChild(form);
+			            body: JSON.stringify(settings)
-                    form.submit();
+			          });
-                  });
+			
 			          if (response.ok) {
 			            location.reload();
 			          } else {
 			            alert('Error syncing settings to account');
 			          }
 			        } catch (error) {
 			          console.error('Error:', error);
 			          alert('Error syncing settings to account');
 			        }
 			      });
                });
              </script>