@eeacms/volto-clms-theme 1.1.259 → 1.1.261

package/CHANGELOG.md

@@ -4,6 +4,20 @@ All notable changes to this project will be documented in this file. Dates are d
 
 Generated by [`auto-changelog`](https://github.com/CookPete/auto-changelog).
 
+### [1.1.261](https://github.com/eea/volto-clms-theme/compare/1.1.260...1.1.261) - 23 October 2025
+
+#### :hammer_and_wrench: Others
+
+- Refs #293096 - Custom CSRF protection for our forms. Use restapi endpoint to get CSRF token and set header. [GhitaB - [`2eaba3c`](https://github.com/eea/volto-clms-theme/commit/2eaba3c52309edbe86d8be7c5c6676397c898e31)]
+### [1.1.260](https://github.com/eea/volto-clms-theme/compare/1.1.259...1.1.260) - 10 October 2025
+
+#### :house: Internal changes
+
+- style: Automated code fix [eea-jenkins - [`bf98f53`](https://github.com/eea/volto-clms-theme/commit/bf98f53e74bd5c7919de1cf7b20004d07928c89e)]
+
+#### :hammer_and_wrench: Others
+
+- Refs #289194 - ChatbotFloatingButton - fix z-index (to be under Cookies banner). [GhitaB - [`1585ec7`](https://github.com/eea/volto-clms-theme/commit/1585ec7b64962651ea0b604581c9f2403460611e)]
 ### [1.1.259](https://github.com/eea/volto-clms-theme/compare/1.1.258...1.1.259) - 10 October 2025
 
 #### :hammer_and_wrench: Others

package/package.json

@@ -1,6 +1,6 @@
 {
   "name": "@eeacms/volto-clms-theme",
-  "version": "1.1.259",
+  "version": "1.1.261",
   "description": "volto-clms-theme: Volto theme for CLMS site",
   "main": "src/index.js",
   "author": "CodeSyntax for the European Environment Agency",

package/src/components/Blocks/CustomTemplates/VoltoFormBlock/View.jsx

@@ -2,7 +2,8 @@ import React, { useState, useEffect, useReducer, useRef } from 'react';
 import { useSelector, useDispatch } from 'react-redux';
 import PropTypes from 'prop-types';
 import { useIntl, defineMessages } from 'react-intl';
-import { submitForm } from 'volto-form-block/actions';
+import { submitForm } from '../../../../customizations/volto-form-block/actions';
+
 import { getFieldName } from 'volto-form-block/components/utils';
 import FormView from 'volto-form-block/components/FormView';
 import { formatDate } from '@plone/volto/helpers/Utils/Date';
@@ -77,6 +78,7 @@ const View = ({ data, id, path }) => {
 
   const [formState, setFormState] = useReducer(formStateReducer, initialState);
   const [formErrors, setFormErrors] = useState([]);
+  const [csrfToken, setCsrfToken] = useState(null);
   const submitResults = useSelector((state) => state.submitForm);
   const captchaToken = useRef();
 
@@ -84,6 +86,22 @@ const View = ({ data, id, path }) => {
     setFormData({ field, value: { field_id, value, ...extras } });
   };
 
+  useEffect(() => {
+    fetch(`/++api++/@clms-get-csrf-token`, {
+      credentials: 'include',
+      headers: {
+        Accept: 'application/json',
+      },
+    })
+      .then((r) => {
+        if (!r.ok) throw new Error(`${r.status} ${r.statusText}`);
+        return r.json();
+      })
+      .then((data) => {
+        setCsrfToken(data.token);
+      });
+  }, [path]);
+
   useEffect(() => {
     if (formErrors.length > 0) {
       isValidForm();
@@ -204,6 +222,7 @@ const View = ({ data, id, path }) => {
               })),
               attachments,
               captcha,
+              csrfToken,
             ),
           );
           setFormState({ type: FORM_STATES.loading });

package/src/components/Footer/chatbot-floating-button.less

@@ -1,6 +1,6 @@
 .chatbot-floating-button {
   position: fixed;
-  z-index: 1000;
+  z-index: 995; // Cookies banner has 1000
   right: 20px;
   bottom: 20px;
   display: flex;

package/src/customizations/volto-form-block/actions/index.js

@@ -0,0 +1,90 @@
+/**
+ * exportCsvFormData action
+ * @module actions/submitForm
+ */
+
+export const SUBMIT_FORM_ACTION = 'SUBMIT_FORM_ACTION';
+
+/**
+ * submitForm function
+ * @function submitForm
+ * @param {string} path
+ * @param {string} block_id
+ * @param {Object} data
+ * @returns {Object} attachments
+ *
+ * OVERRIDED to add CSRF token for CLMS custom forms
+ */
+export function submitForm(
+  path = '',
+  block_id,
+  data,
+  attachments,
+  captcha,
+  csrfToken,
+) {
+  return {
+    type: SUBMIT_FORM_ACTION,
+    request: {
+      op: 'post',
+      path: path + '/@submit-form',
+      headers: {
+        'X-CSRF-TOKEN': csrfToken,
+      },
+      data: {
+        block_id,
+        data,
+        attachments,
+        captcha,
+      },
+    },
+  };
+}
+
+/**
+ * exportCsvFormData action
+ * @module actions/exportCsvFormData
+ */
+export const EXPORT_CSV_FORMDATA = 'EXPORT_CSV_FORMDATA';
+
+export function exportCsvFormData(path = '') {
+  return {
+    type: EXPORT_CSV_FORMDATA,
+    request: {
+      op: 'get',
+      path: path + '/@form-data-export',
+    },
+  };
+}
+
+/**
+ * getFormData action
+ * @module actions/getFormData
+ */
+export const GET_FORM_DATA = 'GET_FORMDATA';
+
+export function getFormData(path = '') {
+  return {
+    type: GET_FORM_DATA,
+    request: {
+      op: 'get',
+      path: path + '/@form-data',
+    },
+  };
+}
+
+/**
+ * clearFormData action
+ * @module actions/getFormData
+ */
+export const CLEAR_FORM_DATA = 'CLEAR_FORM_DATA';
+
+export function clearFormData(path = '') {
+  return {
+    type: CLEAR_FORM_DATA,
+    request: {
+      op: 'get',
+      path: path + '/@form-data-clear',
+    },
+  };
+}