diff --git a/.eslintrc.yaml b/.eslintrc.yaml
index 846823abc7..c9ea481af4 100644
--- a/.eslintrc.yaml
+++ b/.eslintrc.yaml
@@ -46,6 +46,9 @@ overrides:
- files: ["*.config.*"]
rules:
import/no-unused-modules: [0]
+ - files: ["web_src/js/modules/fetch.js", "web_src/js/standalone/**/*"]
+ rules:
+ no-restricted-syntax: [2, WithStatement, ForInStatement, LabeledStatement, SequenceExpression]
rules:
"@eslint-community/eslint-comments/disable-enable-pair": [2]
@@ -420,7 +423,7 @@ rules:
no-restricted-exports: [0]
no-restricted-globals: [2, addEventListener, blur, close, closed, confirm, defaultStatus, defaultstatus, error, event, external, find, focus, frameElement, frames, history, innerHeight, innerWidth, isFinite, isNaN, length, location, locationbar, menubar, moveBy, moveTo, name, onblur, onerror, onfocus, onload, onresize, onunload, open, opener, opera, outerHeight, outerWidth, pageXOffset, pageYOffset, parent, print, removeEventListener, resizeBy, resizeTo, screen, screenLeft, screenTop, screenX, screenY, scroll, scrollbars, scrollBy, scrollTo, scrollX, scrollY, self, status, statusbar, stop, toolbar, top, __dirname, __filename]
no-restricted-imports: [0]
- no-restricted-syntax: [2, WithStatement, ForInStatement, LabeledStatement, SequenceExpression]
+ no-restricted-syntax: [2, WithStatement, ForInStatement, LabeledStatement, SequenceExpression, {selector: "CallExpression[callee.name='fetch']", message: "use modules/fetch.js instead"}]
no-return-assign: [0]
no-script-url: [2]
no-self-assign: [2, {props: true}]
diff --git a/docs/content/contributing/guidelines-frontend.en-us.md b/docs/content/contributing/guidelines-frontend.en-us.md
index 921c2b0233..0d9e510e70 100644
--- a/docs/content/contributing/guidelines-frontend.en-us.md
+++ b/docs/content/contributing/guidelines-frontend.en-us.md
@@ -95,7 +95,7 @@ Some lint rules and IDEs also have warnings if the returned Promise is not handl
### Fetching data
To fetch data, use the wrapper functions `GET`, `POST` etc. from `modules/fetch.js`. They
-accept a `data` option for the content, will automatically set CSFR token and return a
+accept a `data` option for the content, will automatically set CSRF token and return a
Promise for a [Response](https://developer.mozilla.org/en-US/docs/Web/API/Response).
### HTML Attributes and `dataset`
diff --git a/web_src/js/components/DashboardRepoList.vue b/web_src/js/components/DashboardRepoList.vue
index 5b8075f07a..5ff51168cb 100644
--- a/web_src/js/components/DashboardRepoList.vue
+++ b/web_src/js/components/DashboardRepoList.vue
@@ -2,6 +2,7 @@
import {createApp, nextTick} from 'vue';
import $ from 'jquery';
import {SvgIcon} from '../svg.js';
+import {GET} from '../modules/fetch.js';
const {appSubUrl, assetUrlPrefix, pageData} = window.config;
@@ -233,11 +234,11 @@ const sfc = {
try {
if (!this.reposTotalCount) {
const totalCountSearchURL = `${this.subUrl}/repo/search?count_only=1&uid=${this.uid}&team_id=${this.teamId}&q=&page=1&mode=`;
- response = await fetch(totalCountSearchURL);
+ response = await GET(totalCountSearchURL);
this.reposTotalCount = response.headers.get('X-Total-Count');
}
- response = await fetch(searchedURL);
+ response = await GET(searchedURL);
json = await response.json();
} catch {
if (searchedURL === this.searchURL) {
diff --git a/web_src/js/components/DiffCommitSelector.vue b/web_src/js/components/DiffCommitSelector.vue
index 48dc9d72ff..3f7100d201 100644
--- a/web_src/js/components/DiffCommitSelector.vue
+++ b/web_src/js/components/DiffCommitSelector.vue
@@ -1,5 +1,6 @@
<script>
import {SvgIcon} from '../svg.js';
+import {GET} from '../modules/fetch.js';
export default {
components: {SvgIcon},
@@ -123,7 +124,7 @@ export default {
},
/** Load the commits to show in this dropdown */
async fetchCommits() {
- const resp = await fetch(`${this.issueLink}/commits/list`);
+ const resp = await GET(`${this.issueLink}/commits/list`);
const results = await resp.json();
this.commits.push(...results.commits.map((x) => {
x.hovered = false;
diff --git a/web_src/js/components/RepoBranchTagSelector.vue b/web_src/js/components/RepoBranchTagSelector.vue
index 30bff6d23f..bc7d979d99 100644
--- a/web_src/js/components/RepoBranchTagSelector.vue
+++ b/web_src/js/components/RepoBranchTagSelector.vue
@@ -4,6 +4,7 @@ import $ from 'jquery';
import {SvgIcon} from '../svg.js';
import {pathEscapeSegments} from '../utils/url.js';
import {showErrorToast} from '../modules/toast.js';
+import {GET} from '../modules/fetch.js';
const sfc = {
components: {SvgIcon},
@@ -190,8 +191,7 @@ const sfc = {
}
this.isLoading = true;
try {
- const reqUrl = `${this.repoLink}/${this.mode}/list`;
- const resp = await fetch(reqUrl);
+ const resp = await GET(`${this.repoLink}/${this.mode}/list`);
const {results} = await resp.json();
for (const result of results) {
let selected = false;
diff --git a/web_src/js/features/common-global.js b/web_src/js/features/common-global.js
index 96fad7eee6..bc775ae545 100644
--- a/web_src/js/features/common-global.js
+++ b/web_src/js/features/common-global.js
@@ -11,6 +11,7 @@ import {htmlEscape} from 'escape-goat';
import {showTemporaryTooltip} from '../modules/tippy.js';
import {confirmModal} from './comp/ConfirmModal.js';
import {showErrorToast} from '../modules/toast.js';
+import {request} from '../modules/fetch.js';
const {appUrl, appSubUrl, csrfToken, i18n} = window.config;
@@ -81,7 +82,7 @@ function fetchActionDoRedirect(redirect) {
async function fetchActionDoRequest(actionElem, url, opt) {
try {
- const resp = await fetch(url, opt);
+ const resp = await request(url, opt);
if (resp.status === 200) {
let {redirect} = await resp.json();
redirect = redirect || actionElem.getAttribute('data-redirect');
@@ -127,7 +128,7 @@ async function formFetchAction(e) {
}
let reqUrl = formActionUrl;
- const reqOpt = {method: formMethod.toUpperCase(), headers: {'X-Csrf-Token': csrfToken}};
+ const reqOpt = {method: formMethod.toUpperCase()};
if (formMethod.toLowerCase() === 'get') {
const params = new URLSearchParams();
for (const [key, value] of formData) {
@@ -264,7 +265,7 @@ async function linkAction(e) {
const url = el.getAttribute('data-url');
const doRequest = async () => {
el.disabled = true;
- await fetchActionDoRequest(el, url, {method: 'POST', headers: {'X-Csrf-Token': csrfToken}});
+ await fetchActionDoRequest(el, url, {method: 'POST'});
el.disabled = false;
};
diff --git a/web_src/js/features/common-issue-list.js b/web_src/js/features/common-issue-list.js
index ecada11988..3a28cf900c 100644
--- a/web_src/js/features/common-issue-list.js
+++ b/web_src/js/features/common-issue-list.js
@@ -1,7 +1,8 @@
import $ from 'jquery';
import {isElemHidden, onInputDebounce, toggleElem} from '../utils/dom.js';
-const {appSubUrl} = window.config;
+import {GET} from '../modules/fetch.js';
+const {appSubUrl} = window.config;
const reIssueIndex = /^(\d+)$/; // eg: "123"
const reIssueSharpIndex = /^#(\d+)$/; // eg: "#123"
const reIssueOwnerRepoIndex = /^([-.\w]+)\/([-.\w]+)#(\d+)$/; // eg: "{owner}/{repo}#{index}"
@@ -54,7 +55,7 @@ export function initCommonIssueListQuickGoto() {
// try to check whether the parsed goto link is valid
let targetUrl = parseIssueListQuickGotoLink(repoLink, searchText);
if (targetUrl) {
- const res = await fetch(`${targetUrl}/info`);
+ const res = await GET(`${targetUrl}/info`);
if (res.status !== 200) targetUrl = '';
}
diff --git a/web_src/js/features/comp/ImagePaste.js b/web_src/js/features/comp/ImagePaste.js
index dc335495a3..cae42f3d5f 100644
--- a/web_src/js/features/comp/ImagePaste.js
+++ b/web_src/js/features/comp/ImagePaste.js
@@ -1,16 +1,11 @@
import $ from 'jquery';
-
-const {csrfToken} = window.config;
+import {POST} from '../../modules/fetch.js';
async function uploadFile(file, uploadUrl) {
const formData = new FormData();
formData.append('file', file, file.name);
- const res = await fetch(uploadUrl, {
- method: 'POST',
- headers: {'X-Csrf-Token': csrfToken},
- body: formData,
- });
+ const res = await POST(uploadUrl, {data: formData});
return await res.json();
}
diff --git a/web_src/js/features/comp/ReactionSelector.js b/web_src/js/features/comp/ReactionSelector.js
index 336634a582..76834f8844 100644
--- a/web_src/js/features/comp/ReactionSelector.js
+++ b/web_src/js/features/comp/ReactionSelector.js
@@ -1,6 +1,5 @@
import $ from 'jquery';
-
-const {csrfToken} = window.config;
+import {POST} from '../../modules/fetch.js';
export function initCompReactionSelector($parent) {
$parent.find(`.select-reaction .item.reaction, .comment-reaction-button`).on('click', async function (e) {
@@ -12,15 +11,8 @@ export function initCompReactionSelector($parent) {
const reactionContent = $(this).attr('data-reaction-content');
const hasReacted = $(this).closest('.ui.segment.reactions').find(`a[data-reaction-content="${reactionContent}"]`).attr('data-has-reacted') === 'true';
- const res = await fetch(`${actionUrl}/${hasReacted ? 'unreact' : 'react'}`, {
- method: 'POST',
- headers: {
- 'content-type': 'application/x-www-form-urlencoded',
- },
- body: new URLSearchParams({
- _csrf: csrfToken,
- content: reactionContent,
- }),
+ const res = await POST(`${actionUrl}/${hasReacted ? 'unreact' : 'react'}`, {
+ data: new URLSearchParams({content: reactionContent}),
});
const data = await res.json();
diff --git a/web_src/js/features/copycontent.js b/web_src/js/features/copycontent.js
index c1419a524b..3d3b2a697e 100644
--- a/web_src/js/features/copycontent.js
+++ b/web_src/js/features/copycontent.js
@@ -1,6 +1,7 @@
import {clippie} from 'clippie';
import {showTemporaryTooltip} from '../modules/tippy.js';
import {convertImage} from '../utils.js';
+import {GET} from '../modules/fetch.js';
const {i18n} = window.config;
@@ -20,7 +21,7 @@ export function initCopyContent() {
if (link) {
btn.classList.add('is-loading', 'small-loading-icon');
try {
- const res = await fetch(link, {credentials: 'include', redirect: 'follow'});
+ const res = await GET(link, {credentials: 'include', redirect: 'follow'});
const contentType = res.headers.get('content-type');
if (contentType.startsWith('image/') && !contentType.startsWith('image/svg')) {
diff --git a/web_src/js/features/install.js b/web_src/js/features/install.js
index 23122ca4c3..9fda7f7d27 100644
--- a/web_src/js/features/install.js
+++ b/web_src/js/features/install.js
@@ -1,5 +1,6 @@
import $ from 'jquery';
import {hideElem, showElem} from '../utils/dom.js';
+import {GET} from '../modules/fetch.js';
export function initInstall() {
const $page = $('.page-content.install');
@@ -111,7 +112,7 @@ function initPostInstall() {
const targetUrl = el.getAttribute('href');
let tid = setInterval(async () => {
try {
- const resp = await fetch(targetUrl);
+ const resp = await GET(targetUrl);
if (tid && resp.status === 200) {
clearInterval(tid);
tid = null;
diff --git a/web_src/js/features/pull-view-file.js b/web_src/js/features/pull-view-file.js
index 90ea805160..86b65f68cf 100644
--- a/web_src/js/features/pull-view-file.js
+++ b/web_src/js/features/pull-view-file.js
@@ -1,7 +1,8 @@
import {diffTreeStore} from '../modules/stores.js';
import {setFileFolding} from './file-fold.js';
+import {POST} from '../modules/fetch.js';
-const {csrfToken, pageData} = window.config;
+const {pageData} = window.config;
const prReview = pageData.prReview || {};
const viewedStyleClass = 'viewed-file-checked-form';
const viewedCheckboxSelector = '.viewed-file-form'; // Selector under which all "Viewed" checkbox forms can be found
@@ -68,11 +69,7 @@ export function initViewedCheckboxListenerFor() {
const data = {files};
const headCommitSHA = form.getAttribute('data-headcommit');
if (headCommitSHA) data.headCommitSHA = headCommitSHA;
- fetch(form.getAttribute('data-link'), {
- method: 'POST',
- headers: {'X-Csrf-Token': csrfToken},
- body: JSON.stringify(data),
- });
+ POST(form.getAttribute('data-link'), {data});
// Fold the file accordingly
const parentBox = form.closest('.diff-file-header');
diff --git a/web_src/js/features/repo-diff-commit.js b/web_src/js/features/repo-diff-commit.js
index bc591fa37d..3d4f0f677a 100644
--- a/web_src/js/features/repo-diff-commit.js
+++ b/web_src/js/features/repo-diff-commit.js
@@ -1,9 +1,10 @@
import {hideElem, showElem, toggleElem} from '../utils/dom.js';
+import {GET} from '../modules/fetch.js';
async function loadBranchesAndTags(area, loadingButton) {
loadingButton.classList.add('disabled');
try {
- const res = await fetch(loadingButton.getAttribute('data-fetch-url'));
+ const res = await GET(loadingButton.getAttribute('data-fetch-url'));
const data = await res.json();
hideElem(loadingButton);
addTags(area, data.tags);
diff --git a/web_src/js/features/repo-issue-list.js b/web_src/js/features/repo-issue-list.js
index 64343a8d22..af4586121e 100644
--- a/web_src/js/features/repo-issue-list.js
+++ b/web_src/js/features/repo-issue-list.js
@@ -5,6 +5,7 @@ import {htmlEscape} from 'escape-goat';
import {confirmModal} from './comp/ConfirmModal.js';
import {showErrorToast} from '../modules/toast.js';
import {createSortable} from '../modules/sortable.js';
+import {DELETE, POST} from '../modules/fetch.js';
function initRepoIssueListCheckboxes() {
const $issueSelectAll = $('.issue-checkbox-all');
@@ -146,13 +147,7 @@ function initPinRemoveButton() {
const id = Number(el.getAttribute('data-issue-id'));
// Send the unpin request
- const response = await fetch(el.getAttribute('data-unpin-url'), {
- method: 'delete',
- headers: {
- 'X-Csrf-Token': window.config.csrfToken,
- 'Content-Type': 'application/json',
- },
- });
+ const response = await DELETE(el.getAttribute('data-unpin-url'));
if (response.ok) {
// Delete the tooltip
el._tippy.destroy();
@@ -166,14 +161,7 @@ function initPinRemoveButton() {
async function pinMoveEnd(e) {
const url = e.item.getAttribute('data-move-url');
const id = Number(e.item.getAttribute('data-issue-id'));
- await fetch(url, {
- method: 'post',
- body: JSON.stringify({id, position: e.newIndex + 1}),
- headers: {
- 'X-Csrf-Token': window.config.csrfToken,
- 'Content-Type': 'application/json',
- },
- });
+ await POST(url, {data: {id, position: e.newIndex + 1}});
}
async function initIssuePinSort() {
diff --git a/web_src/js/features/repo-migrate.js b/web_src/js/features/repo-migrate.js
index de9f7b023c..cae28fdd1b 100644
--- a/web_src/js/features/repo-migrate.js
+++ b/web_src/js/features/repo-migrate.js
@@ -1,7 +1,8 @@
import $ from 'jquery';
import {hideElem, showElem} from '../utils/dom.js';
+import {GET, POST} from '../modules/fetch.js';
-const {appSubUrl, csrfToken} = window.config;
+const {appSubUrl} = window.config;
export function initRepoMigrationStatusChecker() {
const $repoMigrating = $('#repo_migrating');
@@ -13,7 +14,7 @@ export function initRepoMigrationStatusChecker() {
// returns true if the refresh still need to be called after a while
const refresh = async () => {
- const res = await fetch(`${appSubUrl}/user/task/${task}`);
+ const res = await GET(`${appSubUrl}/user/task/${task}`);
if (res.status !== 200) return true; // continue to refresh if network error occurs
const data = await res.json();
@@ -58,12 +59,6 @@ export function initRepoMigrationStatusChecker() {
}
async function doMigrationRetry(e) {
- await fetch($(e.target).attr('data-migrating-task-retry-url'), {
- method: 'post',
- headers: {
- 'X-Csrf-Token': csrfToken,
- 'Content-Type': 'application/json',
- },
- });
+ await POST($(e.target).attr('data-migrating-task-retry-url'));
window.location.reload();
}
diff --git a/web_src/js/features/user-auth-webauthn.js b/web_src/js/features/user-auth-webauthn.js
index c4c2356cb3..363e039760 100644
--- a/web_src/js/features/user-auth-webauthn.js
+++ b/web_src/js/features/user-auth-webauthn.js
@@ -1,7 +1,8 @@
import {encodeURLEncodedBase64, decodeURLEncodedBase64} from '../utils.js';
import {showElem} from '../utils/dom.js';
+import {GET, POST} from '../modules/fetch.js';
-const {appSubUrl, csrfToken} = window.config;
+const {appSubUrl} = window.config;
export async function initUserAuthWebAuthn() {
const elPrompt = document.querySelector('.user.signin.webauthn-prompt');
@@ -13,7 +14,7 @@ export async function initUserAuthWebAuthn() {
return;
}
- const res = await fetch(`${appSubUrl}/user/webauthn/assertion`);
+ const res = await GET(`${appSubUrl}/user/webauthn/assertion`);
if (res.status !== 200) {
webAuthnError('unknown');
return;
@@ -53,12 +54,8 @@ async function verifyAssertion(assertedCredential) {
const sig = new Uint8Array(assertedCredential.response.signature);
const userHandle = new Uint8Array(assertedCredential.response.userHandle);
- const res = await fetch(`${appSubUrl}/user/webauthn/assertion`, {
- method: 'POST',
- headers: {
- 'Content-Type': 'application/json; charset=utf-8'
- },
- body: JSON.stringify({
+ const res = await POST(`${appSubUrl}/user/webauthn/assertion`, {
+ data: {
id: assertedCredential.id,
rawId: encodeURLEncodedBase64(rawId),
type: assertedCredential.type,
@@ -69,7 +66,7 @@ async function verifyAssertion(assertedCredential) {
signature: encodeURLEncodedBase64(sig),
userHandle: encodeURLEncodedBase64(userHandle),
},
- }),
+ },
});
if (res.status === 500) {
webAuthnError('unknown');
@@ -88,13 +85,8 @@ async function webauthnRegistered(newCredential) {
const clientDataJSON = new Uint8Array(newCredential.response.clientDataJSON);
const rawId = new Uint8Array(newCredential.rawId);
- const res = await fetch(`${appSubUrl}/user/settings/security/webauthn/register`, {
- method: 'POST',
- headers: {
- 'X-Csrf-Token': csrfToken,
- 'Content-Type': 'application/json; charset=utf-8',
- },
- body: JSON.stringify({
+ const res = await POST(`${appSubUrl}/user/settings/security/webauthn/register`, {
+ data: {
id: newCredential.id,
rawId: encodeURLEncodedBase64(rawId),
type: newCredential.type,
@@ -102,7 +94,7 @@ async function webauthnRegistered(newCredential) {
attestationObject: encodeURLEncodedBase64(attestationObject),
clientDataJSON: encodeURLEncodedBase64(clientDataJSON),
},
- }),
+ },
});
if (res.status === 409) {
@@ -165,15 +157,11 @@ export function initUserAuthWebAuthnRegister() {
async function webAuthnRegisterRequest() {
const elNickname = document.getElementById('nickname');
- const body = new FormData();
- body.append('name', elNickname.value);
+ const formData = new FormData();
+ formData.append('name', elNickname.value);
- const res = await fetch(`${appSubUrl}/user/settings/security/webauthn/request_register`, {
- method: 'POST',
- headers: {
- 'X-Csrf-Token': csrfToken,
- },
- body,
+ const res = await POST(`${appSubUrl}/user/settings/security/webauthn/request_register`, {
+ data: formData,
});
if (res.status === 409) {
diff --git a/web_src/js/modules/fetch.js b/web_src/js/modules/fetch.js
index 63732206c6..9fccf4a81e 100644
--- a/web_src/js/modules/fetch.js
+++ b/web_src/js/modules/fetch.js
@@ -2,17 +2,18 @@ import {isObject} from '../utils.js';
const {csrfToken} = window.config;
+// safe HTTP methods that don't need a csrf token
+const safeMethods = new Set(['GET', 'HEAD', 'OPTIONS', 'TRACE']);
+
// fetch wrapper, use below method name functions and the `data` option to pass in data
-// which will automatically set an appropriate content-type header. For json content,
-// only object and array types are currently supported.
-function request(url, {headers, data, body, ...other} = {}) {
+// which will automatically set an appropriate headers. For json content, only object
+// and array types are currently supported.
+export function request(url, {method = 'GET', headers = {}, data, body, ...other} = {}) {
let contentType;
if (!body) {
if (data instanceof FormData) {
- contentType = 'multipart/form-data';
body = data;
} else if (data instanceof URLSearchParams) {
- contentType = 'application/x-www-form-urlencoded';
body = data;
} else if (isObject(data) || Array.isArray(data)) {
contentType = 'application/json';
@@ -20,12 +21,18 @@ function request(url, {headers, data, body, ...other} = {}) {
}
}
+ const headersMerged = new Headers({
+ ...(!safeMethods.has(method.toUpperCase()) && {'x-csrf-token': csrfToken}),
+ ...(contentType && {'content-type': contentType}),
+ });
+
+ for (const [name, value] of Object.entries(headers)) {
+ headersMerged.set(name, value);
+ }
+
return fetch(url, {
- headers: {
- 'x-csrf-token': csrfToken,
- ...(contentType && {'content-type': contentType}),
- ...headers,
- },
+ method,
+ headers: headersMerged,
...(body && {body}),
...other,
});