include RateLimitHeaders
- skip_before_action :verify_authenticity_token
skip_before_action :store_current_location
+ protect_from_forgery with: :null_session
rescue_from ActiveRecord::RecordInvalid, Mastodon::ValidationError do |e|
render json: { error: e.to_s }, status: 422
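Review bot: `protect_from_forgery with: :null_session` does not reject a request whose CSRF token is missing or wrong; it runs the action with an empty session, so the protection only holds for actions that go on to require a signed-in user. That is worth stating at the line, for example `# Unverified requests run with an empty session: bearer-token clients keep working, cookie-authenticated requests lose their login`. Any state-changing action under this controller that does not require a user (none is visible in this hunk) should be checked separately. A request spec that sends a session cookie without `X-CSRF-Token` and expects the request to be handled as unauthenticated would pin the behaviour. The controller class starts and ends outside the hunk.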
-import axios from 'axios';
+import api from '../../api';
import { pushNotificationsSetting } from '../../settings';
import { setBrowserSupport, setSubscription, clearSubscription } from './setter';
const unsubscribe = ({ registration, subscription }) =>
subscription ? subscription.unsubscribe().then(() => registration) : registration;
-const sendSubscriptionToBackend = (subscription, me) => {
+const sendSubscriptionToBackend = (getState, subscription, me) => {
const params = { subscription };
if (me) {
}
}
- return axios.post('/api/web/push_subscriptions', params).then(response => response.data);
+ return api(getState).post('/api/web/push_subscriptions', params).then(response => response.data);
};
// Last one checks for payload support: https://web-push-book.gauntface.com/chapter-06/01-non-standards-browsers/#no-payload
} else {
// Something went wrong, try to subscribe again
return unsubscribe({ registration, subscription }).then(subscribe).then(
- subscription => sendSubscriptionToBackend(subscription, me));
+ subscription => sendSubscriptionToBackend(getState, subscription, me));
}
}
// No subscription, try to subscribe
return subscribe(registration).then(
- subscription => sendSubscriptionToBackend(subscription, me));
+ subscription => sendSubscriptionToBackend(getState, subscription, me));
})
.then(subscription => {
// If we got a PushSubscription (and not a subscription object from the backend)
const alerts = state.get('alerts');
const data = { alerts };
- axios.put(`/api/web/push_subscriptions/${subscription.get('id')}`, {
+ api(getState).put(`/api/web/push_subscriptions/${subscription.get('id')}`, {
data,
}).then(() => {
const me = getState().getIn(['meta', 'me']);
-import axios from 'axios';
+import api from '../api';
import { debounce } from 'lodash';
export const SETTING_CHANGE = 'SETTING_CHANGE';
const data = getState().get('settings').filter((_, path) => path !== 'saved').toJS();
- axios.put('/api/web/settings', { data }).then(() => dispatch({ type: SETTING_SAVE }));
+ api(getState).put('/api/web/settings', { data }).then(() => dispatch({ type: SETTING_SAVE }));
}, 5000, { trailing: true });
export function saveSettings() {
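Review bot: The `api(getState).put('/api/web/settings', { data })` chain has no rejection handler, and with CSRF verification now enforced on this endpoint a missing or stale token presumably turns the save into an error response that is silently dropped. Since the token is read once at page load, a long-lived tab is the likely place for this to happen. Add a handler that at least surfaces the failure, for example `.then(() => dispatch({ type: SETTING_SAVE })).catch(error => console.error(error));`. The debounced function starts outside the hunk.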
import axios from 'axios';
+import ready from './ready';
import LinkHeader from './link_header';
export const getLinks = response => {
return LinkHeader.parse(value);
};
+let csrfHeader = {};
+function setCSRFHeader() {
+ const csrfToken = document.querySelector('meta[name=csrf-token]').content;
+ csrfHeader['X-CSRF-Token'] = csrfToken;
+}
+ready(setCSRFHeader);
+
export default getState => axios.create({
- headers: {
+ headers: Object.assign(csrfHeader, getState ? {
'Authorization': `Bearer ${getState().getIn(['meta', 'access_token'], '')}`,
- },
+ } : {}),
transformResponse: [function (data) {
try {
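Review bot: `Object.assign(csrfHeader, …)` in the `axios.create` call writes into the module-level `csrfHeader` object, so once any `api(getState)` call has run, the `Authorization: Bearer …` header stays in that shared object and is also sent by later `api()` calls made without `getState` (the embed modal's `api().post('/api/web/embed', …)` is one). Copy into a fresh object instead: `headers: Object.assign({}, csrfHeader, getState ? {`. Separately, `setCSRFHeader` reads `.content` from the `querySelector` result without a null check, so a page rendered without the `csrf-token` meta tag throws inside the `ready` callback; guard it with `const meta = document.querySelector('meta[name=csrf-token]'); if (meta) csrfHeader['X-CSRF-Token'] = meta.content;`. The `axios.create` options object continues past the end of the hunk.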
import PropTypes from 'prop-types';
import ImmutablePureComponent from 'react-immutable-pure-component';
import { FormattedMessage, injectIntl } from 'react-intl';
-import axios from 'axios';
+import api from '../../../api';
@injectIntl
export default class EmbedModal extends ImmutablePureComponent {
this.setState({ loading: true });
- axios.post('/api/web/embed', { url }).then(res => {
+ api().post('/api/web/embed', { url }).then(res => {
this.setState({ loading: false, oembed: res.data });
const iframeDocument = this.iframe.contentWindow.document;