fix: force uploads to use auth headers instead of cookie

a04f7bd6 · NGPixel · 92fe9d3e · a04f7bd6 · a04f7bd6
Unverified Commit a04f7bd6 authored Jan 22, 2022 by NGPixel
Show whitespace changes
Inline Side-by-side

Showing with 17 additions and 1 deletion

editor-modal-media.vue client/components/editor/editor-modal-media.vue +13 -1

security.js server/helpers/security.js +4 -0

No files found.
--- a/client/components/editor/editor-modal-media.vue
+++ b/client/components/editor/editor-modal-media.vue
@@ -143,7 +143,7 @@
                allow-multiple='true'
                :files='files'
                max-files='10'
-                server='/u'
+                :server='filePondServerOpts'
                :instant-upload='false'
                :allow-revert='false'
                @processfile='onFileProcessed'
@@ -230,6 +230,7 @@
 <script>
 import _ from 'lodash'
 import { get, sync } from 'vuex-pathify'
+import Cookies from 'js-cookie'
 import vueFilePond from 'vue-filepond'
 import 'filepond/dist/filepond.min.css'

@@ -312,6 +313,17 @@ export default {
    },
    currentAsset () {
      return _.find(this.assets, ['id', this.currentFileId]) || {}
+    },
+    filePondServerOpts () {
+      const jwtToken = Cookies.get('jwt')
+      return {
+        process: {
+          url: '/u',
+          headers: {
+            'Authorization': `Bearer ${jwtToken}`
+          }
+        }
+      }
    }
  },
  watch: {

--- a/server/helpers/security.js
+++ b/server/helpers/security.js
@@ -31,6 +31,10 @@ module.exports = {
      if (req && req.cookies) {
        token = req.cookies['jwt']
      }
+      // Force uploads to use Auth headers
+      if (req.path === '/u') {
+        return null
+      }
      return token
    }
  ])