From b63a9b254fb850d62238b68c1354fb5c910dda55 Mon Sep 17 00:00:00 2001 From: Arthur Lu Date: Thu, 15 Dec 2022 23:15:52 -0800 Subject: [PATCH] add csrf token saving --- scripts/login.js | 2 +- scripts/utils.js | 3 ++- 2 files changed, 3 insertions(+), 2 deletions(-) diff --git a/scripts/login.js b/scripts/login.js index 0d36354..56bf9d4 100644 --- a/scripts/login.js +++ b/scripts/login.js @@ -13,7 +13,7 @@ function init (){ try { status.innerText = "Authenticating..."; let ticket = await requestTicket(formData.get("username"), formData.get("password")); - setTicket(ticket.data.ticket); + setTicket(ticket.data.ticket, ticket.data.CSRFPreventionToken); window.location.href = "index.html"; } catch (error) { diff --git a/scripts/utils.js b/scripts/utils.js index 1f4ff38..0c8b8e5 100644 --- a/scripts/utils.js +++ b/scripts/utils.js @@ -18,10 +18,11 @@ export async function requestTicket (username, password) { return response; } -export function setTicket (ticket) { +export function setTicket (ticket, csrf) { let d = new Date(); d.setTime(d.getTime() + (2*60*60*1000)); document.cookie = `PVEAuthCookie=${ticket}; path=/; expires=${d.toUTCString()}; domain=.tronnet.net`; + document.cookie = `CSRFPreventionToken=${csrf}; path=/; expires=${d.toUTCString()}; domain=.tronnet.net;` } export async function request (path, method, body = null, auth = true) {