catlog22/Claude-Code-Workflow
1
0
Fork 0
mirror of https://github.com/catlog22/Claude-Code-Workflow.git synced 2026-02-05 01:50:27 +08:00
Code Issues Packages Projects Releases Wiki Activity

fix: 使用 csrfFetch 替换 fetch 以增强 API 请求的安全性

Browse Source
This commit is contained in:
catlog22
2026-01-13 11:42:28 +08:00
parent 6b8e73bd32
commit 4caa622942
11 changed files with 36 additions and 36 deletions
Download Patch File Download Diff File Expand all files Collapse all files

2
ccw/src/templates/dashboard-js/api.js
View File

@@ -174,7 +174,7 @@ function refreshRecentPaths() {
*/
async function removeRecentPathFromList(path) {
try {
const response = await fetch('/api/remove-recent-path', {
const response = await csrfFetch('/api/remove-recent-path', {
method: 'POST',
headers: { 'Content-Type': 'application/json' },
body: JSON.stringify({ path })

14
ccw/src/templates/dashboard-js/components/cli-status.js
View File

@@ -350,7 +350,7 @@ async function loadCliToolsConfig() {
*/
async function updateCliToolEnabled(tool, enabled) {
try {
const response = await fetch('/api/cli/tools-config/' + tool, {
const response = await csrfFetch('/api/cli/tools-config/' + tool, {
method: 'PUT',
headers: { 'Content-Type': 'application/json' },
body: JSON.stringify({ enabled: enabled })
@@ -796,7 +796,7 @@ function setDefaultCliTool(tool) {
// Save to config
if (window.claudeCliToolsConfig) {
window.claudeCliToolsConfig.defaultTool = tool;
fetch('/api/cli/tools-config', {
csrfFetch('/api/cli/tools-config', {
method: 'PUT',
headers: { 'Content-Type': 'application/json' },
body: JSON.stringify({ defaultTool: tool })
@@ -851,7 +851,7 @@ function getCacheInjectionMode() {
async function setCacheInjectionMode(mode) {
try {
const response = await fetch('/api/cli/tools-config/cache', {
const response = await csrfFetch('/api/cli/tools-config/cache', {
method: 'PUT',
headers: { 'Content-Type': 'application/json' },
body: JSON.stringify({ injectionMode: mode })
@@ -1021,7 +1021,7 @@ async function startCodexLensInstall() {
}, 1500);
try {
const response = await fetch('/api/codexlens/bootstrap', {
const response = await csrfFetch('/api/codexlens/bootstrap', {
method: 'POST',
headers: { 'Content-Type': 'application/json' },
body: JSON.stringify({})
@@ -1171,7 +1171,7 @@ async function startCodexLensUninstall() {
}, 500);
try {
const response = await fetch('/api/codexlens/uninstall', {
const response = await csrfFetch('/api/codexlens/uninstall', {
method: 'POST',
headers: { 'Content-Type': 'application/json' },
body: JSON.stringify({})
@@ -1257,7 +1257,7 @@ async function initCodexLensIndex() {
console.log('[CodexLens] Initializing index for path:', targetPath);
try {
const response = await fetch('/api/codexlens/init', {
const response = await csrfFetch('/api/codexlens/init', {
method: 'POST',
headers: { 'Content-Type': 'application/json' },
body: JSON.stringify({ path: targetPath })
@@ -1424,7 +1424,7 @@ async function startSemanticInstall() {
}, 2000);
try {
const response = await fetch('/api/codexlens/semantic/install', {
const response = await csrfFetch('/api/codexlens/semantic/install', {
method: 'POST',
headers: { 'Content-Type': 'application/json' },
body: JSON.stringify({})

4
ccw/src/templates/dashboard-js/components/hook-manager.js
View File

@@ -449,7 +449,7 @@ async function saveHook(scope, event, hookData) {
// Convert to Claude Code format before saving
const convertedHookData = convertToClaudeCodeFormat(hookData);
const response = await fetch('/api/hooks', {
const response = await csrfFetch('/api/hooks', {
method: 'POST',
headers: { 'Content-Type': 'application/json' },
body: JSON.stringify({
@@ -478,7 +478,7 @@ async function saveHook(scope, event, hookData) {
async function removeHook(scope, event, hookIndex) {
try {
const response = await fetch('/api/hooks', {
const response = await csrfFetch('/api/hooks', {
method: 'DELETE',
headers: { 'Content-Type': 'application/json' },
body: JSON.stringify({

4
ccw/src/templates/dashboard-js/components/index-manager.js
View File

@@ -252,7 +252,7 @@ async function cleanIndexProject(projectId) {
// The project ID is the directory name in the index folder
// We need to construct the full path or use a clean API
const response = await fetch('/api/codexlens/clean', {
const response = await csrfFetch('/api/codexlens/clean', {
method: 'POST',
headers: { 'Content-Type': 'application/json' },
body: JSON.stringify({ projectId: projectId })
@@ -282,7 +282,7 @@ async function cleanAllIndexesConfirm() {
try {
showRefreshToast(t('index.cleaning') || 'Cleaning indexes...', 'info');
const response = await fetch('/api/codexlens/clean', {
const response = await csrfFetch('/api/codexlens/clean', {
method: 'POST',
headers: { 'Content-Type': 'application/json' },
body: JSON.stringify({ all: true })

32
ccw/src/templates/dashboard-js/components/mcp-manager.js
View File

@@ -91,7 +91,7 @@ function getCliMode() {
*/
async function addCodexMcpServer(serverName, serverConfig) {
try {
const response = await fetch('/api/codex-mcp-add', {
const response = await csrfFetch('/api/codex-mcp-add', {
method: 'POST',
headers: { 'Content-Type': 'application/json' },
body: JSON.stringify({
@@ -123,7 +123,7 @@ async function addCodexMcpServer(serverName, serverConfig) {
*/
async function removeCodexMcpServer(serverName) {
try {
const response = await fetch('/api/codex-mcp-remove', {
const response = await csrfFetch('/api/codex-mcp-remove', {
method: 'POST',
headers: { 'Content-Type': 'application/json' },
body: JSON.stringify({ serverName })
@@ -152,7 +152,7 @@ async function removeCodexMcpServer(serverName) {
*/
async function toggleCodexMcpServer(serverName, enabled) {
try {
const response = await fetch('/api/codex-mcp-toggle', {
const response = await csrfFetch('/api/codex-mcp-toggle', {
method: 'POST',
headers: { 'Content-Type': 'application/json' },
body: JSON.stringify({ serverName, enabled })
@@ -205,7 +205,7 @@ async function copyCodexServerToClaude(serverName, serverConfig) {
async function toggleMcpServer(serverName, enable) {
try {
const response = await fetch('/api/mcp-toggle', {
const response = await csrfFetch('/api/mcp-toggle', {
method: 'POST',
headers: { 'Content-Type': 'application/json' },
body: JSON.stringify({
@@ -239,7 +239,7 @@ async function copyMcpServerToProject(serverName, serverConfig, configType = nul
configType = preferredProjectConfigType;
}
const response = await fetch('/api/mcp-copy-server', {
const response = await csrfFetch('/api/mcp-copy-server', {
method: 'POST',
headers: { 'Content-Type': 'application/json' },
body: JSON.stringify({
@@ -316,7 +316,7 @@ function showConfigTypeDialog() {
async function removeMcpServerFromProject(serverName) {
try {
const response = await fetch('/api/mcp-remove-server', {
const response = await csrfFetch('/api/mcp-remove-server', {
method: 'POST',
headers: { 'Content-Type': 'application/json' },
body: JSON.stringify({
@@ -343,7 +343,7 @@ async function removeMcpServerFromProject(serverName) {
async function addGlobalMcpServer(serverName, serverConfig) {
try {
const response = await fetch('/api/mcp-add-global-server', {
const response = await csrfFetch('/api/mcp-add-global-server', {
method: 'POST',
headers: { 'Content-Type': 'application/json' },
body: JSON.stringify({
@@ -370,7 +370,7 @@ async function addGlobalMcpServer(serverName, serverConfig) {
async function removeGlobalMcpServer(serverName) {
try {
const response = await fetch('/api/mcp-remove-global-server', {
const response = await csrfFetch('/api/mcp-remove-global-server', {
method: 'POST',
headers: { 'Content-Type': 'application/json' },
body: JSON.stringify({
@@ -809,7 +809,7 @@ async function submitMcpCreateFromJson() {
for (const [name, config] of Object.entries(servers)) {
try {
const response = await fetch('/api/mcp-copy-server', {
const response = await csrfFetch('/api/mcp-copy-server', {
method: 'POST',
headers: { 'Content-Type': 'application/json' },
body: JSON.stringify({
@@ -854,7 +854,7 @@ async function createMcpServerWithConfig(name, serverConfig, scope = 'project')
if (scope === 'codex') {
// Create in Codex config.toml
response = await fetch('/api/codex-mcp-add', {
response = await csrfFetch('/api/codex-mcp-add', {
method: 'POST',
headers: { 'Content-Type': 'application/json' },
body: JSON.stringify({
@@ -864,7 +864,7 @@ async function createMcpServerWithConfig(name, serverConfig, scope = 'project')
});
scopeLabel = 'Codex';
} else if (scope === 'global') {
response = await fetch('/api/mcp-add-global-server', {
response = await csrfFetch('/api/mcp-add-global-server', {
method: 'POST',
headers: { 'Content-Type': 'application/json' },
body: JSON.stringify({
@@ -874,7 +874,7 @@ async function createMcpServerWithConfig(name, serverConfig, scope = 'project')
});
scopeLabel = 'global';
} else {
response = await fetch('/api/mcp-copy-server', {
response = await csrfFetch('/api/mcp-copy-server', {
method: 'POST',
headers: { 'Content-Type': 'application/json' },
body: JSON.stringify({
@@ -1006,7 +1006,7 @@ async function installCcwToolsMcp(scope = 'workspace') {
if (scope === 'global') {
// Install to global (~/.claude.json mcpServers)
const response = await fetch('/api/mcp-add-global-server', {
const response = await csrfFetch('/api/mcp-add-global-server', {
method: 'POST',
headers: { 'Content-Type': 'application/json' },
body: JSON.stringify({
@@ -1028,7 +1028,7 @@ async function installCcwToolsMcp(scope = 'workspace') {
} else {
// Install to workspace (use preferredProjectConfigType)
const configType = preferredProjectConfigType;
const response = await fetch('/api/mcp-copy-server', {
const response = await csrfFetch('/api/mcp-copy-server', {
method: 'POST',
headers: { 'Content-Type': 'application/json' },
body: JSON.stringify({
@@ -1074,7 +1074,7 @@ async function updateCcwToolsMcp(scope = 'workspace') {
if (scope === 'global') {
// Update global (~/.claude.json mcpServers)
const response = await fetch('/api/mcp-add-global-server', {
const response = await csrfFetch('/api/mcp-add-global-server', {
method: 'POST',
headers: { 'Content-Type': 'application/json' },
body: JSON.stringify({
@@ -1096,7 +1096,7 @@ async function updateCcwToolsMcp(scope = 'workspace') {
} else {
// Update workspace (use preferredProjectConfigType)
const configType = preferredProjectConfigType;
const response = await fetch('/api/mcp-copy-server', {
const response = await csrfFetch('/api/mcp-copy-server', {
method: 'POST',
headers: { 'Content-Type': 'application/json' },
body: JSON.stringify({

4
ccw/src/templates/dashboard-js/components/storage-manager.js
View File

@@ -415,7 +415,7 @@ async function cleanProjectStorage(projectId) {
}
try {
const res = await fetch('/api/storage/clean', {
const res = await csrfFetch('/api/storage/clean', {
method: 'POST',
headers: { 'Content-Type': 'application/json' },
body: JSON.stringify({ projectId })
@@ -451,7 +451,7 @@ async function cleanAllStorageConfirm() {
}
try {
const res = await fetch('/api/storage/clean', {
const res = await csrfFetch('/api/storage/clean', {
method: 'POST',
headers: { 'Content-Type': 'application/json' },
body: JSON.stringify({ all: true })

2
ccw/src/templates/dashboard-js/components/task-queue-sidebar.js
View File

@@ -568,7 +568,7 @@ async function executeSidebarUpdateTask(taskId) {
}
try {
const response = await fetch('/api/update-claude-md', {
const response = await csrfFetch('/api/update-claude-md', {
method: 'POST',
headers: { 'Content-Type': 'application/json' },
body: JSON.stringify({

2
ccw/src/templates/dashboard-js/views/cli-manager.js
View File

@@ -2752,7 +2752,7 @@ async function installSemanticDeps() {
'<div class="text-sm text-muted-foreground animate-pulse">' + t('codexlens.installingDeps') + '</div>';
try {
var response = await fetch('/api/codexlens/semantic/install', { method: 'POST' });
var response = await csrfFetch('/api/codexlens/semantic/install', { method: 'POST' });
var result = await response.json();
if (result.success) {

4
ccw/src/templates/dashboard-js/views/codexlens-manager.js
View File

@@ -3613,7 +3613,7 @@ async function initCodexLensIndex(indexType, embeddingModel, embeddingBackend, m
// Install semantic dependencies first
showRefreshToast(t('codexlens.installingDeps') || 'Installing semantic dependencies...', 'info');
try {
var installResponse = await fetch('/api/codexlens/semantic/install', { method: 'POST' });
var installResponse = await csrfFetch('/api/codexlens/semantic/install', { method: 'POST' });
var installResult = await installResponse.json();
if (!installResult.success) {
@@ -5383,7 +5383,7 @@ function initCodexLensManagerPageEvents(currentConfig) {
saveBtn.disabled = true;
saveBtn.innerHTML = '<span class="animate-pulse">' + t('common.saving') + '</span>';
try {
var response = await fetch('/api/codexlens/config', { method: 'POST', headers: { 'Content-Type': 'application/json' }, body: JSON.stringify({ index_dir: newIndexDir }) });
var response = await csrfFetch('/api/codexlens/config', { method: 'POST', headers: { 'Content-Type': 'application/json' }, body: JSON.stringify({ index_dir: newIndexDir }) });
var result = await response.json();
if (result.success) { showRefreshToast(t('codexlens.configSaved'), 'success'); renderCodexLensManager(); }
else { showRefreshToast(t('common.saveFailed') + ': ' + result.error, 'error'); }

2
ccw/src/templates/dashboard-js/views/memory.js
View File

@@ -1114,7 +1114,7 @@ async function deleteInsight(insightId) {
if (!confirm(t('memory.confirmDeleteInsight'))) return;
try {
var response = await fetch('/api/memory/insights/' + insightId, { method: 'DELETE' });
var response = await csrfFetch('/api/memory/insights/' + insightId, { method: 'DELETE' });
if (!response.ok) throw new Error('Failed to delete insight');
selectedInsight = null;

2
ccw/src/templates/dashboard-js/views/prompt-history.js
View File

@@ -431,7 +431,7 @@ async function deletePromptInsight(insightId) {
if (!confirm(isZh() ? '确定要删除这条洞察记录吗?' : 'Are you sure you want to delete this insight?')) return;
try {
var response = await fetch('/api/memory/insights/' + insightId, { method: 'DELETE' });
var response = await csrfFetch('/api/memory/insights/' + insightId, { method: 'DELETE' });
if (!response.ok) throw new Error('Failed to delete insight');
selectedPromptInsight = null;