Add call to use X-CSRFToken in relevant POST methods

2026-03-02 21:19:12 +00:00 · 2023-06-26 12:38:00 -07:00
parent 35e24d7851
commit ddd550e6f4
4 changed files with 11 additions and 0 deletions
--- a/src/khoj/interface/web/config.html
+++ b/src/khoj/interface/web/config.html
@@ -98,8 +98,13 @@
        event.preventDefault();
        configure.disabled = true;
        configure.innerHTML = "Configuring...";
+        const csrfToken = document.cookie.split('; ').find(row => row.startsWith('csrftoken'))?.split('=')[1];
        fetch('/api/update?force=true&client=web', {
            method: 'GET',
+            headers: {
+                'Content-Type': 'application/json',
+                'X-CSRFToken': csrfToken
+            }
        })
        .then(response => response.json())
        .then(data => {
--- a/src/khoj/interface/web/content_type_github_input.html
+++ b/src/khoj/interface/web/content_type_github_input.html
@@ -79,10 +79,12 @@
        var repo_name = document.getElementById("repo-name").value;
        var repo_branch = document.getElementById("repo-branch").value;

+        const csrfToken = document.cookie.split('; ').find(row => row.startsWith('csrftoken'))?.split('=')[1];
        fetch('/api/config/data/content_type/github', {
            method: 'POST',
            headers: {
                'Content-Type': 'application/json',
+                'X-CSRFToken': csrfToken,
            },
            body: JSON.stringify({
                "pat_token": pat_token,
--- a/src/khoj/interface/web/content_type_input.html
+++ b/src/khoj/interface/web/content_type_input.html
@@ -131,10 +131,12 @@
        var embeddings_file = document.getElementById("embeddings-file").value;
        var index_heading_entries = document.getElementById("index-heading-entries").value;

+        const csrfToken = document.cookie.split('; ').find(row => row.startsWith('csrftoken'))?.split('=')[1];
        fetch('/api/config/data/content_type/{{ content_type }}', {
            method: 'POST',
            headers: {
                'Content-Type': 'application/json',
+                'X-CSRFToken': csrfToken
            },
            body: JSON.stringify({
                "input_files": input_files,
--- a/src/khoj/interface/web/processor_conversation_input.html
+++ b/src/khoj/interface/web/processor_conversation_input.html
@@ -61,10 +61,12 @@
        var model = document.getElementById("model").value;
        var chat_model = document.getElementById("chat-model").value;

+        const csrfToken = document.cookie.split('; ').find(row => row.startsWith('csrftoken'))?.split('=')[1];
        fetch('/api/config/data/processor/conversation', {
            method: 'POST',
            headers: {
                'Content-Type': 'application/json',
+                'X-CSRFToken': csrfToken
            },
            body: JSON.stringify({
                "openai_api_key": openai_api_key,