web: add fetchApi convenience method

2024-11-22 15:37:45 +00:00 · 2016-06-02 10:34:16 -07:00 · 2016-06-02 10:34:16 -07:00 · 73e494770f
commit 73e494770f
parent 89fc438e32
4 changed files with 18 additions and 12 deletions
--- a/mitmproxy/web/init.py
+++ b/mitmproxy/web/init.py
@ -87,9 +87,6 @@ class WebState(flow.State):
            data=[]
        )

-    def load_flows(self, flows):
-        super(WebState, self).load_flows(flows)
-

 class Options(object):
    attributes = [
--- a/mitmproxy/web/app.py
+++ b/mitmproxy/web/app.py
@ -390,7 +390,7 @@ class Application(tornado.web.Application):
        settings = dict(
            template_path=os.path.join(os.path.dirname(__file__), "templates"),
            static_path=os.path.join(os.path.dirname(__file__), "static"),
-            xsrf_cookies=False,
+            xsrf_cookies=True,
            cookie_secret=os.urandom(256),
            debug=debug,
            wauthenticator=wauthenticator,
--- a/web/src/js/actions.js
+++ b/web/src/js/actions.js
@ -1,7 +1,6 @@
 import $ from "jquery";
-import _ from "lodash";
 import {AppDispatcher} from "./dispatcher.js";
-import {getCookie} from "./utils.js";
+import {fetchApi} from "./utils.js";

 export var ActionTypes = {
    // Connection
@ -122,12 +121,10 @@ export var FlowActions = {
    download: () => window.location = "/flows/dump",

    upload: (file) => {
-        var xsrf = $.param({_xsrf: getCookie("_xsrf")});
-        //console.log(xsrf);
        var filereader = new FileReader();
        filereader.file = file;
        filereader.onload = (e) => {
-            fetch("/flows/dump?"+xsrf,  {
+            fetchApi("/flows/dump",  {
                method: 'post',
                body: e.currentTarget.result
            })
--- a/web/src/js/utils.js
+++ b/web/src/js/utils.js
@ -76,11 +76,11 @@ export function reverseString(s) {
        ) + end;
 }

-export function getCookie(name) {
+function getCookie(name) {
    var r = document.cookie.match(new RegExp("\\b" + name + "=([^;]*)\\b"));
    return r ? r[1] : undefined;
 }
-var xsrf = $.param({_xsrf: getCookie("_xsrf")});
+const xsrf = `_xsrf=${getCookie("_xsrf")}`;

 //Tornado XSRF Protection.
 $.ajaxPrefilter(function (options) {
@ -101,4 +101,16 @@ $(document).ajaxError(function (event, jqXHR, ajaxSettings, thrownError) {
    console.error(thrownError, message, arguments);
    actions.EventLogActions.add_event(thrownError + ": " + message);
    alert(message);
-});
+});
+
+export function fetchApi(url, options) {
+    if(url.indexOf("?") === -1){
+        url += "?" + xsrf;
+    } else {
+        url += "&" + xsrf;
+    }
+    return fetch(url, {
+        ...options,
+        credentials: 'same-origin'
+    });
+}