fix: force uploads to use auth headers instead of cookie

requarks · Jan 23, 2022 · a04f7bd · a04f7bd
1 parent 92fe9d3
commit a04f7bd
Show file tree

Hide file tree

Showing 2 changed files with 17 additions and 1 deletion.
diff --git a/client/components/editor/editor-modal-media.vue b/client/components/editor/editor-modal-media.vue
@@ -143,7 +143,7 @@
                 allow-multiple='true'
                 :files='files'
                 max-files='10'
-                server='/u'
+                :server='filePondServerOpts'
                 :instant-upload='false'
                 :allow-revert='false'
                 @processfile='onFileProcessed'
@@ -230,6 +230,7 @@
 <script>
 import _ from 'lodash'
 import { get, sync } from 'vuex-pathify'
+import Cookies from 'js-cookie'
 import vueFilePond from 'vue-filepond'
 import 'filepond/dist/filepond.min.css'
 
@@ -312,6 +313,17 @@ export default {
     },
     currentAsset () {
       return _.find(this.assets, ['id', this.currentFileId]) || {}
+    },
+    filePondServerOpts () {
+      const jwtToken = Cookies.get('jwt')
+      return {
+        process: {
+          url: '/u',
+          headers: {
+            'Authorization': `Bearer ${jwtToken}`
+          }
+        }
+      }
     }
   },
   watch: {

diff --git a/server/helpers/security.js b/server/helpers/security.js
@@ -31,6 +31,10 @@ module.exports = {
       if (req && req.cookies) {
         token = req.cookies['jwt']
       }
+      // Force uploads to use Auth headers
+      if (req.path === '/u') {
+        return null
+      }
       return token
     }
   ])