Send CSRF token in rawStat #1797
There are no files selected for viewing
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| Original file line number | Diff line number | Diff line change |
|---|---|---|
|
|
@@ -23,6 +23,7 @@ | |
| import { getClient } from './WebdavClient' | ||
| import { genFileInfo, type FileInfo } from '../utils/fileUtils' | ||
| import { createClient, type FileStat, type ResponseDataDetailed } from 'webdav' | ||
| import { getRequestToken } from '@nextcloud/auth' | ||
|
|
||
| const statData = `<?xml version="1.0"?> | ||
| <d:propfind xmlns:d="DAV:" | ||
|
|
@@ -53,6 +54,8 @@ | |
|
|
||
| /** | ||
| * Retrieve the files list | ||
| * @param path | ||
|
Check warning on line 57 in src/services/FileInfo.ts
|
||
| * @param options | ||
|
Check warning on line 58 in src/services/FileInfo.ts
|
||
| */ | ||
| export default async function(path: string, options = {}): Promise<FileInfo> { | ||
| const response = await getClient().stat(path, Object.assign({ | ||
|
|
@@ -64,9 +67,12 @@ | |
|
|
||
| /** | ||
| * Retrieve the files list | ||
| * @param origin | ||
| * @param path | ||
| * @param options | ||
| */ | ||
| export async function rawStat(origin: string, path: string, options = {}) { | ||
| const response = await createClient(origin, { headers: { requesttoken: getRequestToken() || '' } }).stat(path, { | ||
| ...options, | ||
| data: statData, | ||
| details: true, | ||
|
|
||
GitHub Actions
Oops, something went wrong.
Add this suggestion to a batch that can be applied as a single commit.
This suggestion is invalid because no changes were made to the code.
Suggestions cannot be applied while the pull request is closed.
Suggestions cannot be applied while viewing a subset of changes.
Only one suggestion per line can be applied in a batch.
Add this suggestion to a batch that can be applied as a single commit.
Applying suggestions on deleted lines is not supported.
You must change the existing code in this line in order to create a valid suggestion.
Outdated suggestions cannot be applied.
This suggestion has been applied or marked resolved.
Suggestions cannot be applied from pending reviews.
Suggestions cannot be applied on multi-line comments.
Suggestions cannot be applied while the pull request is queued to merge.
Suggestion cannot be applied right now. Please check back later.
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
viewer/src/services/WebdavClient.ts
Line 30 in 2016523
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
What about this?
We already inject the token in the client, do you actually needs to set it again?
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
This client only work with
/dav/filesendpoints, and I need it to work with other endpoints like/dav/files_versions.Or am I missing something ?
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
Sorry, I saw the
import { getClient } from './WebdavClient'and assumed you were using it as well, didn't realize the createClient.The rawStat
createClientis confusing. No other dav implementation in Viewer accept out-of-user-root pathsI didn't see that in the PR that added this, I would have blocked it otherwise.
Viewer does NOT support files outside of the user root anyway ? Any reason you're not reusing our
WebdavClient.tsthen?There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
Viewer need to be able to edit pictures from
/dav/photos/user/albumsand equivalent.It will also need to be able display files' versions.
Any reason viewer should not support files outside of users' root ?
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
Not implemented.
We need to implement the entire Viewer using the
File/Foldernew standard.That way we'll know what to expect.
Let's leave it like that, it's a bit hacky but t works™ :)
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
Inconsistency in what the backend supports (dav properties)
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
Well, let's have a call about this 🙈