From e4226d352e67231a9671410ce2ce4e774ef65631 Mon Sep 17 00:00:00 2001
From: Abner Tudtud <114082473+enjinabner@users.noreply.github.com>
Date: Wed, 26 Jun 2024 11:34:49 +0800
Subject: [PATCH] [PLA-1864] Remove csrf cookie meta and use cookie instead (#127)
---
 resources/js/api/index.ts | 7 +------
 resources/js/components/pages/Settings.vue | 2 --
 resources/js/store/index.ts | 2 --
 resources/views/app.blade.php | 3 +--
 4 files changed, 2 insertions(+), 12 deletions(-)
diff --git a/resources/js/api/index.ts b/resources/js/api/index.ts
index 272b4a3..1166e6f 100644
--- a/resources/js/api/index.ts
+++ b/resources/js/api/index.ts
@@ -38,7 +38,6 @@ export class ApiService {
 }): Promise {
 let body: string | null = null;
 const fullUrl = url;
- const csrf = document.head.querySelector('meta[name="csrf-token"]')?.getAttribute('content');
 if (Object.keys(data).length > 0) {
 body = JSON.stringify(data);
@@ -46,8 +45,6 @@ export class ApiService {
 if (!useAppStore().isMultiTenant) {
 headers.Authorization = useAppStore().config.authorization_token;
- } else {
- headers['X-CSRF-TOKEN'] = csrf;
 }
 const resp = await fetch(fullUrl, {
@@ -63,9 +60,7 @@ export class ApiService {
 });
 if (resp.status === 419 && nest && useAppStore().isMultiTenant) {
- if (await this.reloadCsrf()) {
- return this.request({ url, method, data, headers });
- }
+ return this.request({ url, method, data, headers });
 }
 if (resp.status === 204) {
diff --git a/resources/js/components/pages/Settings.vue b/resources/js/components/pages/Settings.vue
index 66b9367..bf73b28 100644
--- a/resources/js/components/pages/Settings.vue
+++ b/resources/js/components/pages/Settings.vue
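Review bot: The 419 branch in the third hunk of `resources/js/api/index.ts` now re-issues the identical request with nothing refreshed in between, and the recursive call does not forward `nest`, so if `nest` defaults to true a persistent 419 recurses without bound. Limit it to a single retry, e.g. `return this.request({ url, method, data, headers, nest: false });` (assuming `nest` is one of the destructured options, which the hunk does not show). Related: the second hunk drops `headers['X-CSRF-TOKEN']` on the multi-tenant path, and `fetch` does not copy a CSRF cookie into a request header by itself; no replacement header is set in the visible lines, so confirm where the token is attached, or that the server-side CSRF check for these session-authenticated calls is still enforced some other way. The body of `request` starts and ends outside these hunks.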
@@ -103,7 +103,6 @@ import CollapseCard from '../CollapseCard.vue';
 import Tooltip from '../Tooltip.vue';
 import { AuthApi } from '~/api/auth';
 import ConfirmModal from '../ConfirmModal.vue';
-import { ApiService } from '~/api';
 import SettingsChangeEmail from './SettingsChangeEmail.vue';
 import VerifyPasswordModal from './VerifyPasswordModal.vue';
@@ -137,7 +136,6 @@ const formatName = (name: string) => {
 const deleteAccount = async (password) => {
 await AuthApi.deleteAccount(password);
 appStore.clearLogin();
- await ApiService.reloadCsrf();
 };
 watch(
diff --git a/resources/js/store/index.ts b/resources/js/store/index.ts
index e9965cb..767f1f3 100644
--- a/resources/js/store/index.ts
+++ b/resources/js/store/index.ts
@@ -216,7 +216,6 @@ export const useAppStore = defineStore('app', {
 throw [{ field: 'Login error', message: 'Invalid credentials' }];
 }
- await ApiService.reloadCsrf();
 if (this.config.tenant) {
 await this.getUser();
 if (!this.user.isVerified) {
@@ -233,7 +232,6 @@ export const useAppStore = defineStore('app', {
 this.loggedIn = false;
 await AuthApi.logout();
 this.clearLogin();
- await ApiService.reloadCsrf();
 },
 clearLogin() {
 this.user = null;
diff --git a/resources/views/app.blade.php b/resources/views/app.blade.php
index ac3db3c..97cae7a 100644
--- a/resources/views/app.blade.php
+++ b/resources/views/app.blade.php
@@ -3,8 +3,7 @@ - - Enjin Platform + Enjin Platform @vite('resources/css/app.css', 'vendor/platform-ui/build')