9896378b59
- Use cookies + CSRF token for API authentication in the default client. This mitigates potential XSS attacks by making the token unavailable to JavaScript. The Authorization header is still supported, but not used by default. - Make sensitive/destructive actions (editing a user, permanently deleting anything, visiting the admin CP) require the user to re-enter their password if they haven't entered it in the last 30 minutes. - Refactor and clean up the authentication middleware. - Add an `onhide` hook to the Modal component. (+1 squashed commit)
import Session from 'flarum/Session';
/**
 * The `preload` initializer seeds the client from `app.preload`, the data
 * that has been set on the application before it boots:
 *
 * 1. everything under `app.preload.data` is pushed into the store;
 * 2. `app.forum` is set to the `forums` record with id 1 from that store;
 * 3. `app.session` is created from the preloaded user and the CSRF token.
 *
 * `app.preload.session` must provide `userId` and `csrfToken`. Only the CSRF
 * token is handed to the session here; this initializer reads no API access
 * token from the preload payload.
 *
 * NOTE(review): the preload payload is presumably rendered into the page by
 * the server, so anything placed in it is readable by every script running on
 * that page. Confirm it carries nothing more sensitive than the CSRF token.
 * NOTE(review): `userId` is presumably empty for guests; confirm that
 * `Session` accepts a missing user.
 *
 * @param {App} app
 */
export default function preload(app) {
  const { store } = app;

  // Load the preloaded records before looking any of them up.
  store.pushPayload({ data: app.preload.data });

  app.forum = store.getById('forums', 1);

  // The session is built from the user record and the CSRF token only.
  const { userId, csrfToken } = app.preload.session;
  const currentUser = store.getById('users', userId);

  app.session = new Session(currentUser, csrfToken);
}