Add call to use X-CSRFToken in relevant POST methods

khoj-ai · Jun 26, 2023 · ddd550e · ddd550e
1 parent 35e24d7
commit ddd550e
Show file tree

Hide file tree

Showing 4 changed files with 11 additions and 0 deletions.
diff --git a/src/khoj/interface/web/config.html b/src/khoj/interface/web/config.html
@@ -98,8 +98,13 @@ <h3 class="card-title">Chat</h3>
         event.preventDefault();
         configure.disabled = true;
         configure.innerHTML = "Configuring...";
+        const csrfToken = document.cookie.split('; ').find(row => row.startsWith('csrftoken'))?.split('=')[1];
         fetch('/api/update?force=true&client=web', {
             method: 'GET',
+            headers: {
+                'Content-Type': 'application/json',
+                'X-CSRFToken': csrfToken
+            }
         })
         .then(response => response.json())
         .then(data => {

diff --git a/src/khoj/interface/web/content_type_github_input.html b/src/khoj/interface/web/content_type_github_input.html
@@ -79,10 +79,12 @@ <h4>You probably don't need to edit these.</h4>
         var repo_name = document.getElementById("repo-name").value;
         var repo_branch = document.getElementById("repo-branch").value;
 
+        const csrfToken = document.cookie.split('; ').find(row => row.startsWith('csrftoken'))?.split('=')[1];
         fetch('/api/config/data/content_type/github', {
             method: 'POST',
             headers: {
                 'Content-Type': 'application/json',
+                'X-CSRFToken': csrfToken,
             },
             body: JSON.stringify({
                 "pat_token": pat_token,

diff --git a/src/khoj/interface/web/content_type_input.html b/src/khoj/interface/web/content_type_input.html
@@ -131,10 +131,12 @@ <h4>You probably don't need to edit these.</h4>
         var embeddings_file = document.getElementById("embeddings-file").value;
         var index_heading_entries = document.getElementById("index-heading-entries").value;
 
+        const csrfToken = document.cookie.split('; ').find(row => row.startsWith('csrftoken'))?.split('=')[1];
         fetch('/api/config/data/content_type/{{ content_type }}', {
             method: 'POST',
             headers: {
                 'Content-Type': 'application/json',
+                'X-CSRFToken': csrfToken
             },
             body: JSON.stringify({
                 "input_files": input_files,

diff --git a/src/khoj/interface/web/processor_conversation_input.html b/src/khoj/interface/web/processor_conversation_input.html
@@ -61,10 +61,12 @@ <h4>You probably don't need to edit these.</h4>
         var model = document.getElementById("model").value;
         var chat_model = document.getElementById("chat-model").value;
 
+        const csrfToken = document.cookie.split('; ').find(row => row.startsWith('csrftoken'))?.split('=')[1];
         fetch('/api/config/data/processor/conversation', {
             method: 'POST',
             headers: {
                 'Content-Type': 'application/json',
+                'X-CSRFToken': csrfToken
             },
             body: JSON.stringify({
                 "openai_api_key": openai_api_key,