@rmdes/indiekit-endpoint-microsub 1.0.55 → 1.0.56
- package/index.js +24 -13
- package/lib/activitypub/outbox-fetcher.js +14 -2
- package/lib/cache/redis.js +14 -4
- package/lib/controllers/channels.js +2 -2
- package/lib/controllers/reader.js +5 -23
- package/lib/controllers/search.js +6 -0
- package/lib/controllers/timeline.js +2 -2
- package/lib/feeds/capabilities.js +5 -0
- package/lib/feeds/fetcher.js +6 -0
- package/lib/feeds/normalizer.js +3 -55
- package/lib/media/proxy.js +82 -27
- package/lib/polling/processor.js +27 -4
- package/lib/polling/scheduler.js +2 -0
- package/lib/realtime/broker.js +6 -1
- package/lib/storage/channels.js +53 -42
- package/lib/storage/feeds.js +3 -1
- package/lib/storage/items.js +18 -24
- package/lib/utils/constants.js +7 -0
- package/lib/utils/csrf.js +51 -0
- package/lib/utils/sanitize.js +61 -0
- package/lib/utils/validation.js +8 -2
- package/lib/webmention/verifier.js +10 -21
- package/lib/websub/subscriber.js +12 -0
- package/package.json +3 -1
- package/views/actor.njk +2 -0
- package/views/channel-new.njk +1 -0
- package/views/channel.njk +9 -3
- package/views/compose.njk +1 -0
- package/views/deck-settings.njk +1 -0
- package/views/feed-edit.njk +3 -0
- package/views/feeds.njk +4 -0
- package/views/layouts/reader.njk +1 -0
- package/views/search.njk +2 -0
- package/views/settings.njk +2 -0
- package/views/timeline.njk +6 -3
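--- a/package/views/timeline.njk
+++ b/package/views/timeline.njk
@@ -66,6 +66,9 @@
 </div>
 
 <script type="module">
+// CSRF token for AJAX requests
+const csrfToken = document.querySelector('meta[name="csrf-token"]')?.content || '';
+
 const timeline = document.getElementById('timeline');
 if (timeline) {
 const items = Array.from(timeline.querySelectorAll('.ms-item-card'));
@@ -121,7 +124,7 @@
 
 const response = await fetch(microsubApiUrl, {
 method: 'POST',
-headers: { 'Content-Type': 'application/x-www-form-urlencoded' },
+headers: { 'Content-Type': 'application/x-www-form-urlencoded', 'X-CSRF-Token': csrfToken },
 body: formData.toString(),
 credentials: 'same-origin'
 });
@@ -192,7 +195,7 @@
 
 const response = await fetch(microsubApiUrl, {
 method: 'POST',
-headers: { 'Content-Type': 'application/x-www-form-urlencoded' },
+headers: { 'Content-Type': 'application/x-www-form-urlencoded', 'X-CSRF-Token': csrfToken },
 body: formData.toString(),
 credentials: 'same-origin'
 });
@@ -250,7 +253,7 @@
 try {
 const response = await fetch('/readlater/save', {
 method: 'POST',
-headers: { 'Content-Type': 'application/json' },
+headers: { 'Content-Type': 'application/json', 'X-CSRF-Token': csrfToken },
 body: JSON.stringify({ url, title: title || url, source: 'microsub' }),
 credentials: 'same-origin'
 });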
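Review bot: The `|| ''` fallback on the new `csrfToken` line hides a missing `<meta name="csrf-token">` tag: the three `fetch` calls below would then send an empty `X-CSRF-Token` and, assuming the server rejects it (the check in `lib/utils/csrf.js` is not shown here), fail with no hint of the cause. I would surface that at load time, e.g. `if (!csrfToken) console.warn('microsub: csrf-token meta tag missing; POST requests will be rejected');`. The server-side check should treat an empty or absent header as invalid rather than comparing it against a possibly empty session value. The last call posts to the hard-coded `/readlater/save`, which appears to live outside this endpoint, so it is worth confirming that route validates the same token; otherwise the header protects nothing there.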