fix: force uploads to use auth headers instead of cookie

2022-01-22 19:52:59 -05:00 · 2022-01-22 19:52:59 -05:00 · a04f7bd650
commit a04f7bd650
parent 92fe9d3e31
2 changed files with 17 additions and 1 deletions
--- a/client/components/editor/editor-modal-media.vue
+++ b/client/components/editor/editor-modal-media.vue
@ -143,7 +143,7 @@
                allow-multiple='true'
                :files='files'
                max-files='10'
-                server='/u'
+                :server='filePondServerOpts'
                :instant-upload='false'
                :allow-revert='false'
                @processfile='onFileProcessed'
@ -230,6 +230,7 @@
 <script>
 import _ from 'lodash'
 import { get, sync } from 'vuex-pathify'
+import Cookies from 'js-cookie'
 import vueFilePond from 'vue-filepond'
 import 'filepond/dist/filepond.min.css'

@ -312,6 +313,17 @@ export default {
    },
    currentAsset () {
      return _.find(this.assets, ['id', this.currentFileId]) || {}
+    },
+    filePondServerOpts () {
+      const jwtToken = Cookies.get('jwt')
+      return {
+        process: {
+          url: '/u',
+          headers: {
+            'Authorization': `Bearer ${jwtToken}`
+          }
+        }
+      }
    }
  },
  watch: {
--- a/server/helpers/security.js
+++ b/server/helpers/security.js
@ -31,6 +31,10 @@ module.exports = {
      if (req && req.cookies) {
        token = req.cookies['jwt']
      }
+      // Force uploads to use Auth headers
+      if (req.path === '/u') {
+        return null
+      }
      return token
    }
  ])