Commit
6b49c55b
authored
Oct 08, 2018
by
Thimo Kraemer
Added CSRF support
parent
3cbb7ca0
Showing
2 changed files
with
74 additions
and
54 deletions
+74
-54
kss.js
kss.js
+72
-52
kss.min.js
kss.min.js
+2
-2
kss.js
/*
* KSS-RPC v0.
6
-beta
* KSS-RPC v0.
7
-beta
*
* Copyright (c) 2017, joonis new media
* Author: Thimo Kraemer <thimo.kraemer@joonis.de>
...
...
@@ -61,7 +61,7 @@
******************************************************************************************/
var
kss
=
{
version
:
'
0.
6
-beta
'
,
version
:
'
0.
7
-beta
'
,
_initialized
:
false
,
_ruleSheets
:
{},
_eventBinders
:
{},
...
...
@@ -76,7 +76,10 @@ var kss = {
protocol
:
'
json-rpc
'
,
/* json-rpc | xml-rpc | url-encoded | json */
endpoint
:
''
,
dateEncoding
:
'
iso8601
'
,
/* @timestamp@ | asp.net | class-hinting */
timeout
:
10000
timeout
:
10000
,
csrfSelector
:
null
,
csrfCookie
:
null
,
csrfHeader
:
null
}
};
...
...
@@ -934,56 +937,48 @@ kss.toQueryString = function(params) {
******************************************************************************************/
kss
.
RPC
=
function
(
endpoint
,
options
)
{
this
.
_endpoint
=
endpoint
;
//Set other default options
this
.
_methodList
=
[];
// "json-rpc" || "xml-rpc" || "url-encoded" || "json"
this
.
_protocol
=
'
json-rpc
'
;
this
.
_timeout
=
10000
;
// "iso8601" || "@timestamp@" || "class-hinting" || "asp.net"
this
.
_dateEncoding
=
'
iso8601
'
;
this
.
_decodeISO8601
=
true
;
// JSON only
//Get the provided options
if
(
options
){
if
(
options
.
protocol
)
{
var
protocol
=
options
.
protocol
.
toLowerCase
();
switch
(
protocol
)
{
case
'
json-rpc
'
:
case
'
json-rpc-v1
'
:
case
'
json-rpc-v2
'
:
case
'
xml-rpc
'
:
case
'
url-encoded
'
:
case
'
json
'
:
this
.
_protocol
=
protocol
;
break
;
default
:
throw
new
Error
(
'
unknown protocol
'
);
}
}
if
(
options
.
timeout
)
this
.
_timeout
=
parseInt
(
options
.
timeout
);
if
(
options
.
dateEncoding
)
{
var
dateEncoding
=
options
.
dateEncoding
.
toLowerCase
();
switch
(
dateEncoding
)
{
case
'
iso8601
'
:
case
'
@timestamp@
'
:
case
'
class-hinting
'
:
case
'
asp.net
'
:
this
.
_dateEncoding
=
dateEncoding
;
break
;
default
:
throw
new
Error
(
'
unknown dateEncoding
'
);
}
}
if
(
options
.
decodeISO8601
!==
undefined
)
this
.
_decodeISO8601
=
!!
options
.
decodeISO8601
;
if
(
options
.
methods
==
'
auto
'
)
this
.
_methodList
=
this
.
invoke
(
"
system.listMethods
"
);
else
if
(
options
.
methods
)
this
.
_methodList
=
options
.
methods
.
slice
();
// Set options
options
=
options
||
{}
// Protocol
this
.
_protocol
=
(
options
.
protocol
||
'
json-rpc
'
).
toLowerCase
();
switch
(
this
.
_protocol
)
{
case
'
json-rpc
'
:
case
'
json-rpc-v1
'
:
case
'
json-rpc-v2
'
:
case
'
xml-rpc
'
:
case
'
url-encoded
'
:
case
'
json
'
:
break
;
default
:
throw
new
Error
(
'
unknown protocol
'
);
}
this
.
_timeout
=
parseInt
(
options
.
timeout
||
10000
);
// Date encoding
this
.
_dateEncoding
=
(
options
.
dateEncoding
||
'
iso8601
'
).
toLowerCase
();
switch
(
this
.
_dateEncoding
)
{
case
'
iso8601
'
:
case
'
@timestamp@
'
:
case
'
class-hinting
'
:
case
'
asp.net
'
:
break
;
default
:
throw
new
Error
(
'
unknown dateEncoding
'
);
}
this
.
_decodeISO8601
=
true
;
// JSON only
if
(
options
.
decodeISO8601
!==
undefined
)
this
.
_decodeISO8601
=
!!
options
.
decodeISO8601
;
// CSRF token
this
.
_csrfSelector
=
options
.
csrfSelector
;
this
.
_csrfCookie
=
options
.
csrfCookie
;
this
.
_csrfHeader
=
options
.
csrfHeader
;
// RPC methods
this
.
_methodList
=
[];
if
(
options
.
methods
==
'
auto
'
)
this
.
_methodList
=
this
.
invoke
(
"
system.listMethods
"
);
else
if
(
options
.
methods
)
this
.
_methodList
=
options
.
methods
.
slice
();
this
.
_methodList
.
push
(
'
system.listMethods
'
);
this
.
_methodList
.
push
(
'
system.describe
'
);
...
...
@@ -1030,7 +1025,7 @@ kss.RPC.prototype.invoke = function(method, params,
}
var
postData
,
headers
;
var
url
=
this
.
_endpoint
;
var
url
=
kss
.
toAbsoluteURL
(
this
.
_endpoint
)
;
// Prepare the URL-ENCODED or JSON request
if
(
this
.
_protocol
==
'
url-encoded
'
||
this
.
_protocol
==
'
json
'
)
{
if
(
url
&&
url
.
substr
(
-
1
)
!=
'
/
'
)
{
...
...
@@ -1073,6 +1068,23 @@ kss.RPC.prototype.invoke = function(method, params,
};
}
// CSRF token
var
sameOrigin
=
!
url
.
split
(
'
://
'
)[
1
].
indexOf
(
window
.
location
.
host
);
if
(
sameOrigin
&&
this
.
_csrfHeader
)
{
var
csrfToken
;
if
(
this
.
_csrfCookie
)
{
csrfToken
=
kss
.
getCookie
(
this
.
_csrfCookie
);
}
if
(
!
csrfToken
&&
this
.
_csrfSelector
)
{
var
el
=
kss
.
cssQuery
(
this
.
_csrfSelector
)[
0
];
if
(
el
)
{
csrfToken
=
kss
.
getDataAttr
(
el
,
'
csrftoken
'
)
||
el
.
value
;
}
}
if
(
csrfToken
)
headers
[
this
.
_csrfHeader
]
=
csrfToken
;
}
// Prevent caching
url
+=
(
url
.
indexOf
(
'
?
'
)
<
0
)
?
'
?
'
:
'
&
'
;
url
+=
'
_ts=
'
+
new
Date
().
getTime
();
...
...
@@ -2179,6 +2191,14 @@ kss.openURL = function(href, _options) {
}
};
kss
.
getCookie
=
function
(
name
)
{
var
regex
=
new
RegExp
(
'
(^|;)
\
s*
'
+
name
+
'
\
s*=([^;]*)
'
);
var
match
=
document
.
cookie
.
match
(
regex
);
if
(
match
)
return
match
[
2
].
trim
();
return
null
;
}
/*******************************************************************************************
* KSS Action Providers
...
...
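Review bot: The `sameOrigin` test in the CSRF hunk of `kss.RPC.prototype.invoke` is a prefix match rather than an origin comparison: `!url.split('://')[1].indexOf(window.location.host)` is true for any URL whose authority merely begins with the page's host (constructed example: page host `app.example`, endpoint host `app.example.other.test`), and it never looks at the scheme, so the header named by `csrfHeader` can be attached to a request that leaves the origin. Comparing parsed components exactly avoids this, e.g. `var a = document.createElement('a'); a.href = url;` followed by `var sameOrigin = a.protocol === window.location.protocol && a.host === window.location.host;`. The current expression also throws when `url` contains no `://`, which depends on what `kss.toAbsoluteURL` returns (not visible on this page). Separately, in the last hunk `kss.getCookie` concatenates `name` into a `RegExp` unescaped, so a configured cookie name containing regex metacharacters could match a different cookie; escaping `name` before building the pattern would prevent that. `invoke` starts and ends outside the hunks shown.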
kss.min.js
This diff is collapsed.