[PLA-1864] Remove csrf cookie meta and use cookie instead (#127)

enjin · Jun 26, 2024 · e4226d3 · e4226d3
1 parent ffa0c52
commit e4226d3
Show file tree

Hide file tree

Showing 4 changed files with 2 additions and 12 deletions.
diff --git a/resources/js/api/index.ts b/resources/js/api/index.ts
@@ -38,16 +38,13 @@ export class ApiService {
     }): Promise<any> {
         let body: string | null = null;
         const fullUrl = url;
-        const csrf = document.head.querySelector('meta[name="csrf-token"]')?.getAttribute('content');
 
         if (Object.keys(data).length > 0) {
             body = JSON.stringify(data);
         }
 
         if (!useAppStore().isMultiTenant) {
             headers.Authorization = useAppStore().config.authorization_token;
-        } else {
-            headers['X-CSRF-TOKEN'] = csrf;
         }
 
         const resp = await fetch(fullUrl, {
@@ -63,9 +60,7 @@ export class ApiService {
         });
 
         if (resp.status === 419 && nest && useAppStore().isMultiTenant) {
-            if (await this.reloadCsrf()) {
-                return this.request({ url, method, data, headers });
-            }
+            return this.request({ url, method, data, headers });
         }
 
         if (resp.status === 204) {

diff --git a/resources/js/components/pages/Settings.vue b/resources/js/components/pages/Settings.vue
@@ -103,7 +103,6 @@ import CollapseCard from '../CollapseCard.vue';
 import Tooltip from '../Tooltip.vue';
 import { AuthApi } from '~/api/auth';
 import ConfirmModal from '../ConfirmModal.vue';
-import { ApiService } from '~/api';
 import SettingsChangeEmail from './SettingsChangeEmail.vue';
 import VerifyPasswordModal from './VerifyPasswordModal.vue';
 
@@ -137,7 +136,6 @@ const formatName = (name: string) => {
 const deleteAccount = async (password) => {
     await AuthApi.deleteAccount(password);
     appStore.clearLogin();
-    await ApiService.reloadCsrf();
 };
 
 watch(

diff --git a/resources/js/store/index.ts b/resources/js/store/index.ts
@@ -216,7 +216,6 @@ export const useAppStore = defineStore('app', {
                 throw [{ field: 'Login error', message: 'Invalid credentials' }];
             }
 
-            await ApiService.reloadCsrf();
             if (this.config.tenant) {
                 await this.getUser();
                 if (!this.user.isVerified) {
@@ -233,7 +232,6 @@ export const useAppStore = defineStore('app', {
             this.loggedIn = false;
             await AuthApi.logout();
             this.clearLogin();
-            await ApiService.reloadCsrf();
         },
         clearLogin() {
             this.user = null;

diff --git a/resources/views/app.blade.php b/resources/views/app.blade.php
@@ -3,8 +3,7 @@
 <head>
 	<meta charset="utf-8">
 	<meta name="viewport" content="width=device-width, initial-scale=1">
-    <meta name="csrf-token" content="{{ csrf_token() }}">
-	<title>Enjin Platform</title>
+    <title>Enjin Platform</title>
     <link href="/vendor/platform-ui/favicon.png" rel="shortcut icon" type="image/x-icon" />
 
 	@vite('resources/css/app.css', 'vendor/platform-ui/build')