soeren/fotospiel-app
1
0
Fork 0
Code Issues Pull Requests Actions 2 Packages Projects Releases Wiki Activity

Share CSRF headers across guest uploads
Some checks failed
linter / quality (push) Has been cancelled
Details
tests / ci (push) Has been cancelled
Details
tests / ui (push) Has been cancelled
Details

Browse Source
This commit is contained in:
Codex Agent
2026-01-30 13:10:19 +01:00
parent 96aaea23e4
commit 3ba784154b
4 changed files with 93 additions and 46 deletions
Download Patch File Download Diff File Expand all files Collapse all files

6
resources/js/guest/queue/xhr.ts
View File

@@ -1,4 +1,5 @@
import type { QueueItem } from './queue';
import { buildCsrfHeaders } from '../lib/csrf';
export async function createUpload(
url: string,
@@ -9,7 +10,10 @@ export async function createUpload(
return new Promise((resolve, reject) => {
const xhr = new XMLHttpRequest();
xhr.open('POST', url, true);
xhr.setRequestHeader('X-Device-Id', deviceId);
const headers = buildCsrfHeaders(deviceId);
Object.entries(headers).forEach(([key, value]) => {
xhr.setRequestHeader(key, value);
});
const form = new FormData();
form.append('photo', it.blob, it.fileName);
if (it.emotion_id) form.append('emotion_id', String(it.emotion_id));