Conversation
ShGKme
left a comment
ShGKme
left a comment
There was a problem hiding this comment.
The change makes sense, but to make it complete, we need slightly more changes.
However, I don't see how this fixes the linked issue on the server...
| const { data: { token } } = await axios.get(generateUrl('/csrftoken')) | ||
| console.debug(`New request token ${token} fetched`) | ||
| axios.defaults.headers.requesttoken = token | ||
| emit('csrf-token-update', { token }) |
There was a problem hiding this comment.
This sets OC.requestToken and updates token for every current csrf-token-update listener. But the new executed code may still initialize CSRF token only from document.head.dataset.requesttoken which is unchanged here, resulting in the error again.
Server has setRequestToken that coverts it, but not in public API:
https://github.com/nextcloud/server/blob/e7c4dbf2cbde841b6f7126e27b22c10f979c6cd7/core/src/OC/requesttoken.ts#L23
IMO, we should:
- Move
setRequestTokenfromserverto@nextcloud/auth: https://github.com/nextcloud-libraries/nextcloud-auth/blob/main/lib/requesttoken.ts - Use
setRequestTokenhere and on theserver
There was a problem hiding this comment.
Yes!
Maybe not a setRequestToken but updateRequestToken to keep logic about fetching a new token in one place?
There was a problem hiding this comment.
To minimal changes, we can add document.head.dataset.requesttoken = e.token after OC.requestToken = e.token
There was a problem hiding this comment.
It seems my commit message need change to emit('csrf-token-update', { token }) after /csrftoken. update OC.requestToken not the reason i fixed the problem...
There was a problem hiding this comment.
Yes! Maybe not a
setRequestTokenbutupdateRequestTokento keep logic about fetching a new token in one place?
You can found it at https://github.com/nextcloud/server/blob/master/core/src/OC/requesttoken.ts#L38
Signed-off-by: FlyInWind <2518509078@qq.com>
FlyInWind1
changed the title
3 participants
fix nextcloud/server#57273
some http request like
/remote.php/dav/trashbin/user/trash/use it own axios instance (example trasbin)create by getClient function, that not add onCsrfTokenError interceptor and will not update requesttoken itself
but it subscribed csrf-token-update, after
emit('csrf-token-update', { token })it's token will update.with my commit, when the request has onCsrfTokenError interceptor like
/ocs/v2.php/apps/notifications/api/v2/notificationsupdated token andemit('csrf-token-update', { token }), all axios instance will update it's tokenmybe we also need modify getClient function, add onCsrfTokenError interceptor for it