Merge branch 'sk-token-csrf-protection'

GitOrigin-RevId: e71f7264be45b665502150e9ffbb85b3fc94665e
2026-05-23 17:19:37 +02:00 · 2020-02-25 09:39:53 +00:00
parent 995dbc514d
commit 7cbb00f207
19 changed files with 1473 additions and 3118 deletions
--- a/services/web/app/src/Features/Project/ProjectController.js
+++ b/services/web/app/src/Features/Project/ProjectController.js
@@ -736,12 +736,15 @@ const ProjectController = {
        const { subscription } = results
        const { brandVariation } = results

-        const token = TokenAccessHandler.getRequestToken(req, projectId)
+        const anonRequestToken = TokenAccessHandler.getRequestToken(
+          req,
+          projectId
+        )
        const { isTokenMember } = results
        AuthorizationManager.getPrivilegeLevelForProject(
          userId,
          projectId,
-          token,
+          anonRequestToken,
          (error, privilegeLevel) => {
            let allowedFreeTrial
            if (error != null) {
@@ -804,7 +807,7 @@ const ProjectController = {
              privilegeLevel,
              chatUrl: Settings.apis.chat.url,
              anonymous,
-              anonymousAccessToken: req._anonymousAccessToken,
+              anonymousAccessToken: anonymous ? anonRequestToken : null,
              isTokenMember,
              isRestrictedTokenMember: AuthorizationManager.isRestrictedUser(
                userId,
@@ -931,7 +934,6 @@ const ProjectController = {
      archived,
      trashed,
      owner_ref: project.owner_ref,
-      tokens: project.tokens,
      isV1Project: false
    }
    if (accessLevel === PrivilegeLevels.READ_ONLY && source === Sources.TOKEN) {