marcel/zoraxy
1
0
Fork 0
mirror of https://github.com/tobychui/zoraxy.git synced 2025-08-07 21:58:29 +02:00
Code Issues Packages Projects Releases Wiki Activity

Fixed #267

Browse Source 
- Added csrf middleware to management portal mux
- Added csrf token to all html templates
- Added csrf validation to all endpoints
- Optimized some old endpoints implementation
This commit is contained in:
Toby Chui
2024-07-24 21:58:44 +08:00
parent b1c5bc2963
commit f595da92a1
45 changed files with 535 additions and 307 deletions
Download Patch File Download Diff File Expand all files Collapse all files

8
src/web/snippet/accessRuleEditor.html
View File

@@ -3,9 +3,11 @@
<head>
<!-- Notes: This should be open in its original path-->
<meta charset="utf-8">
<meta name="zoraxy.csrf.Token" content="{{.csrfToken}}">
<link rel="stylesheet" href="../script/semantic/semantic.min.css">
<script src="../script/jquery-3.6.0.min.js"></script>
<script src="../script/semantic/semantic.min.js"></script>
<script src="../script/utils.js"></script>
<style>
#refreshAccessRuleListBtn{
position: absolute;
@@ -94,7 +96,7 @@
$("#accessRuleForm input[name='accessRuleName']").val("");
$("#accessRuleForm textarea[name='description']").val("");
$.ajax({
$.cjax({
url: "/api/access/create",
method: "POST",
data: {
@@ -162,7 +164,7 @@
console.log('Access Rule Name:', accessRuleName);
console.log('Description:', description);
$.ajax({
$.cjax({
url: "/api/access/update",
method: "POST",
data: {
@@ -238,7 +240,7 @@
}
let accessRuleName = $("#modifyRuleInfo input[name='accessRuleName']").val();
if (confirm("Confirm removing access rule " + accessRuleName + "?")){
$.ajax({
$.cjax({
url: "/api/access/remove",
data: {
"id": accessRuleUUID