fix: add csrf protections to delete repo functionality

tsteenbe · May 1, 2024 · ae88e2e · ae88e2e
1 parent a06f5f1
commit ae88e2e
Showing 1 changed file with 6 additions and 4 deletions.
diff --git a/src/ui/services/repo.js b/src/ui/services/repo.js
@@ -118,10 +118,12 @@ const deleteUser = async (user, repoName, action) => {
 const deleteRepo = async (repoName) => {
   const url = new URL(`${baseUrl}/repo/${repoName}/delete`);
 
-  await axios.delete(url, { withCredentials: true }).catch((error) => {
-    console.log(error.response.data.message);
-    throw error;
-  });
+  await axios
+    .delete(url, { withCredentials: true, headers: { 'X-CSRF-TOKEN': getCookie('csrf') } })
+    .catch((error) => {
+      console.log(error.response.data.message);
+      throw error;
+    });
 };
 
 export { addUser, deleteUser, getRepos, getRepo, addRepo, deleteRepo };