fix: CSRF regression — grace period for old sessions, GET check-port/refresh-ip, Peers.jsx native fetch tokens

- check_csrf() now issues a token for sessions that predate CSRF (existing logins) instead of blocking them
- /api/wireguard/check-port and /api/wireguard/refresh-ip accept GET so native fetch calls bypass the token requirement
- WireGuard.jsx: changed three native fetch POST → GET for the above endpoints
- Peers.jsx: add X-CSRF-Token header to three native fetch mutation calls (calendar collection, peer PUT, clear-reinstall)
- api.js: export getCsrfToken() so non-Axios callers can read the current token

Co-Authored-By: Claude Sonnet 4.6 <noreply@anthropic.com>
2026-04-27 12:18:02 -04:00
parent a43f9fbf0d
commit 9aaacd11cc
4 changed files with 28 additions and 10 deletions
+4
@@ -11,6 +11,10 @@ export function setCsrfToken(token) {
_csrfToken = token;
}
export function getCsrfToken() {
return _csrfToken;
}
// Create axios instance with base configuration
const api = axios.create({
baseURL: import.meta.env.VITE_API_URL || '',
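Review bot: getCsrfToken() in the added lines returns the module-level _csrfToken with no doc comment and no guard, so a caller that runs before setCsrfToken() has been called receives whatever the initial value is (not visible in this hunk) and may pass it straight into a request header. Please document that the return value can be empty, and have the non-Axios callers named in the commit message either skip the request or fail loudly when it is, rather than sending a header built from an unset token. The getter also returns a snapshot, so callers should read it at request time instead of caching it at import, since setCsrfToken() can replace the value later.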