-
Notifications
You must be signed in to change notification settings - Fork 53
New issue
Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.
By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.
Already on GitHub? Sign in to your account
Send CSRF token in rawStat #1797
Send CSRF token in rawStat #1797
Conversation
Signed-off-by: Louis Chemineau <louis@chmn.me>
c06090d
to
2016523
Compare
/backport to stable27 |
/backport to stable26 |
/backport to stable25 |
*/ | ||
export async function rawStat(origin: string, path: string, options = {}) { | ||
const response = await createClient(origin).stat(path, { | ||
const response = await createClient(origin, { headers: { requesttoken: getRequestToken() || '' } }).stat(path, { |
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
viewer/src/services/WebdavClient.ts
Line 30 in 2016523
: { headers: { requesttoken: getRequestToken() || '' } }, |
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
What about this?
We already inject the token in the client, do you actually needs to set it again?
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
This client only work with /dav/files
endpoints, and I need it to work with other endpoints like /dav/files_versions
.
Or am I missing something ?
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
Sorry, I saw the import { getClient } from './WebdavClient'
and assumed you were using it as well, didn't realize the createClient.
The rawStat createClient
is confusing. No other dav implementation in Viewer accept out-of-user-root paths
I didn't see that in the PR that added this, I would have blocked it otherwise.
Viewer does NOT support files outside of the user root anyway ? Any reason you're not reusing our WebdavClient.ts
then?
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
Viewer need to be able to edit pictures from /dav/photos/user/albums
and equivalent.
It will also need to be able display files' versions.
Any reason viewer should not support files outside of users' root ?
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
Any reason viewer should not support files outside of users' root ?
Not implemented.
We need to implement the entire Viewer using the File/Folder
new standard.
That way we'll know what to expect.
Let's leave it like that, it's a bit hacky but t works™ :)
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
Any reason viewer should not support files outside of users' root ?
Inconsistency in what the backend supports (dav properties)
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
It will also need to be able display files' versions.
Well, let's have a call about this 🙈
The backport to stable27 failed. Please do this backport manually. # Switch to the target branch and update it
git checkout stable27
git pull origin stable27
# Create the new backport branch
git checkout -b fix/foo-stable27
# Cherry pick the change from the commit sha1 of the change against the default branch
# This might cause conflicts. Resolve them.
git cherry-pick abc123
# Push the cherry pick commit to the remote repository and open a pull request
git push origin fix/foo-stable27 More info at https://docs.nextcloud.com/server/latest/developer_manual/getting_started/development_process.html#manual-backport |
The backport to stable26 failed. Please do this backport manually. # Switch to the target branch and update it
git checkout stable26
git pull origin stable26
# Create the new backport branch
git checkout -b fix/foo-stable26
# Cherry pick the change from the commit sha1 of the change against the default branch
# This might cause conflicts. Resolve them.
git cherry-pick abc123
# Push the cherry pick commit to the remote repository and open a pull request
git push origin fix/foo-stable26 More info at https://docs.nextcloud.com/server/latest/developer_manual/getting_started/development_process.html#manual-backport |
The backport to stable25 failed. Please do this backport manually. # Switch to the target branch and update it
git checkout stable25
git pull origin stable25
# Create the new backport branch
git checkout -b fix/foo-stable25
# Cherry pick the change from the commit sha1 of the change against the default branch
# This might cause conflicts. Resolve them.
git cherry-pick abc123
# Push the cherry pick commit to the remote repository and open a pull request
git push origin fix/foo-stable25 More info at https://docs.nextcloud.com/server/latest/developer_manual/getting_started/development_process.html#manual-backport |
Without it, the request fails.
Not sure why it wasn't an issue during my initial testing.
Follow up of #1709