mirror of
https://github.com/jupyterhub/jupyterhub.git
synced 2025-10-12 20:43:02 +00:00
abe1136cba
Removes all Referer checks, which have proven unreliable and have never been particularly strong We can use XSRF on paths for more robust inter-path protections. - `_xsrf` is added for forms via hidden input - xsrf check is additionally applied to GET requests on API endpoints
23 lines
647 B
JavaScript
23 lines
647 B
JavaScript
const jhdata = window.jhdata || {};
|
|
const base_url = jhdata.base_url || "/";
|
|
const xsrfToken = jhdata.xsrf_token;
|
|
|
|
export const jhapiRequest = (endpoint, method, data) => {
|
|
let api_url = `${base_url}hub/api`;
|
|
let suffix = "";
|
|
if (xsrfToken) {
|
|
// add xsrf token to url parameter
|
|
var sep = endpoint.indexOf("?") === -1 ? "?" : "&";
|
|
suffix = sep + "_xsrf=" + xsrf_token;
|
|
}
|
|
return fetch(api_url + endpoint + suffix, {
|
|
method: method,
|
|
json: true,
|
|
headers: {
|
|
"Content-Type": "application/json",
|
|
Accept: "application/jupyterhub-pagination+json",
|
|
},
|
|
body: data ? JSON.stringify(data) : null,
|
|
});
|
|
};
|