mirror of
https://github.com/catlog22/Claude-Code-Workflow.git
synced 2026-02-13 02:41:50 +08:00
fix: 使用 csrfFetch 替换 fetch 以增强 API 请求的安全性
This commit is contained in:
catlog22
@@ -350,7 +350,7 @@ async function loadCliToolsConfig() {
|
||||
*/
|
||||
async function updateCliToolEnabled(tool, enabled) {
|
||||
try {
|
||||
const response = await fetch('/api/cli/tools-config/' + tool, {
|
||||
const response = await csrfFetch('/api/cli/tools-config/' + tool, {
|
||||
method: 'PUT',
|
||||
headers: { 'Content-Type': 'application/json' },
|
||||
body: JSON.stringify({ enabled: enabled })
|
||||
@@ -796,7 +796,7 @@ function setDefaultCliTool(tool) {
|
||||
// Save to config
|
||||
if (window.claudeCliToolsConfig) {
|
||||
window.claudeCliToolsConfig.defaultTool = tool;
|
||||
fetch('/api/cli/tools-config', {
|
||||
csrfFetch('/api/cli/tools-config', {
|
||||
method: 'PUT',
|
||||
headers: { 'Content-Type': 'application/json' },
|
||||
body: JSON.stringify({ defaultTool: tool })
|
||||
@@ -851,7 +851,7 @@ function getCacheInjectionMode() {
|
||||
|
||||
async function setCacheInjectionMode(mode) {
|
||||
try {
|
||||
const response = await fetch('/api/cli/tools-config/cache', {
|
||||
const response = await csrfFetch('/api/cli/tools-config/cache', {
|
||||
method: 'PUT',
|
||||
headers: { 'Content-Type': 'application/json' },
|
||||
body: JSON.stringify({ injectionMode: mode })
|
||||
@@ -1021,7 +1021,7 @@ async function startCodexLensInstall() {
|
||||
}, 1500);
|
||||
|
||||
try {
|
||||
const response = await fetch('/api/codexlens/bootstrap', {
|
||||
const response = await csrfFetch('/api/codexlens/bootstrap', {
|
||||
method: 'POST',
|
||||
headers: { 'Content-Type': 'application/json' },
|
||||
body: JSON.stringify({})
|
||||
@@ -1171,7 +1171,7 @@ async function startCodexLensUninstall() {
|
||||
}, 500);
|
||||
|
||||
try {
|
||||
const response = await fetch('/api/codexlens/uninstall', {
|
||||
const response = await csrfFetch('/api/codexlens/uninstall', {
|
||||
method: 'POST',
|
||||
headers: { 'Content-Type': 'application/json' },
|
||||
body: JSON.stringify({})
|
||||
@@ -1257,7 +1257,7 @@ async function initCodexLensIndex() {
|
||||
console.log('[CodexLens] Initializing index for path:', targetPath);
|
||||
|
||||
try {
|
||||
const response = await fetch('/api/codexlens/init', {
|
||||
const response = await csrfFetch('/api/codexlens/init', {
|
||||
method: 'POST',
|
||||
headers: { 'Content-Type': 'application/json' },
|
||||
body: JSON.stringify({ path: targetPath })
|
||||
@@ -1424,7 +1424,7 @@ async function startSemanticInstall() {
|
||||
}, 2000);
|
||||
|
||||
try {
|
||||
const response = await fetch('/api/codexlens/semantic/install', {
|
||||
const response = await csrfFetch('/api/codexlens/semantic/install', {
|
||||
method: 'POST',
|
||||
headers: { 'Content-Type': 'application/json' },
|
||||
body: JSON.stringify({})
|
||||
|
||||
@@ -449,7 +449,7 @@ async function saveHook(scope, event, hookData) {
|
||||
// Convert to Claude Code format before saving
|
||||
const convertedHookData = convertToClaudeCodeFormat(hookData);
|
||||
|
||||
const response = await fetch('/api/hooks', {
|
||||
const response = await csrfFetch('/api/hooks', {
|
||||
method: 'POST',
|
||||
headers: { 'Content-Type': 'application/json' },
|
||||
body: JSON.stringify({
|
||||
@@ -478,7 +478,7 @@ async function saveHook(scope, event, hookData) {
|
||||
|
||||
async function removeHook(scope, event, hookIndex) {
|
||||
try {
|
||||
const response = await fetch('/api/hooks', {
|
||||
const response = await csrfFetch('/api/hooks', {
|
||||
method: 'DELETE',
|
||||
headers: { 'Content-Type': 'application/json' },
|
||||
body: JSON.stringify({
|
||||
|
||||
@@ -252,7 +252,7 @@ async function cleanIndexProject(projectId) {
|
||||
|
||||
// The project ID is the directory name in the index folder
|
||||
// We need to construct the full path or use a clean API
|
||||
const response = await fetch('/api/codexlens/clean', {
|
||||
const response = await csrfFetch('/api/codexlens/clean', {
|
||||
method: 'POST',
|
||||
headers: { 'Content-Type': 'application/json' },
|
||||
body: JSON.stringify({ projectId: projectId })
|
||||
@@ -282,7 +282,7 @@ async function cleanAllIndexesConfirm() {
|
||||
try {
|
||||
showRefreshToast(t('index.cleaning') || 'Cleaning indexes...', 'info');
|
||||
|
||||
const response = await fetch('/api/codexlens/clean', {
|
||||
const response = await csrfFetch('/api/codexlens/clean', {
|
||||
method: 'POST',
|
||||
headers: { 'Content-Type': 'application/json' },
|
||||
body: JSON.stringify({ all: true })
|
||||
|
||||
@@ -91,7 +91,7 @@ function getCliMode() {
|
||||
*/
|
||||
async function addCodexMcpServer(serverName, serverConfig) {
|
||||
try {
|
||||
const response = await fetch('/api/codex-mcp-add', {
|
||||
const response = await csrfFetch('/api/codex-mcp-add', {
|
||||
method: 'POST',
|
||||
headers: { 'Content-Type': 'application/json' },
|
||||
body: JSON.stringify({
|
||||
@@ -123,7 +123,7 @@ async function addCodexMcpServer(serverName, serverConfig) {
|
||||
*/
|
||||
async function removeCodexMcpServer(serverName) {
|
||||
try {
|
||||
const response = await fetch('/api/codex-mcp-remove', {
|
||||
const response = await csrfFetch('/api/codex-mcp-remove', {
|
||||
method: 'POST',
|
||||
headers: { 'Content-Type': 'application/json' },
|
||||
body: JSON.stringify({ serverName })
|
||||
@@ -152,7 +152,7 @@ async function removeCodexMcpServer(serverName) {
|
||||
*/
|
||||
async function toggleCodexMcpServer(serverName, enabled) {
|
||||
try {
|
||||
const response = await fetch('/api/codex-mcp-toggle', {
|
||||
const response = await csrfFetch('/api/codex-mcp-toggle', {
|
||||
method: 'POST',
|
||||
headers: { 'Content-Type': 'application/json' },
|
||||
body: JSON.stringify({ serverName, enabled })
|
||||
@@ -205,7 +205,7 @@ async function copyCodexServerToClaude(serverName, serverConfig) {
|
||||
|
||||
async function toggleMcpServer(serverName, enable) {
|
||||
try {
|
||||
const response = await fetch('/api/mcp-toggle', {
|
||||
const response = await csrfFetch('/api/mcp-toggle', {
|
||||
method: 'POST',
|
||||
headers: { 'Content-Type': 'application/json' },
|
||||
body: JSON.stringify({
|
||||
@@ -239,7 +239,7 @@ async function copyMcpServerToProject(serverName, serverConfig, configType = nul
|
||||
configType = preferredProjectConfigType;
|
||||
}
|
||||
|
||||
const response = await fetch('/api/mcp-copy-server', {
|
||||
const response = await csrfFetch('/api/mcp-copy-server', {
|
||||
method: 'POST',
|
||||
headers: { 'Content-Type': 'application/json' },
|
||||
body: JSON.stringify({
|
||||
@@ -316,7 +316,7 @@ function showConfigTypeDialog() {
|
||||
|
||||
async function removeMcpServerFromProject(serverName) {
|
||||
try {
|
||||
const response = await fetch('/api/mcp-remove-server', {
|
||||
const response = await csrfFetch('/api/mcp-remove-server', {
|
||||
method: 'POST',
|
||||
headers: { 'Content-Type': 'application/json' },
|
||||
body: JSON.stringify({
|
||||
@@ -343,7 +343,7 @@ async function removeMcpServerFromProject(serverName) {
|
||||
|
||||
async function addGlobalMcpServer(serverName, serverConfig) {
|
||||
try {
|
||||
const response = await fetch('/api/mcp-add-global-server', {
|
||||
const response = await csrfFetch('/api/mcp-add-global-server', {
|
||||
method: 'POST',
|
||||
headers: { 'Content-Type': 'application/json' },
|
||||
body: JSON.stringify({
|
||||
@@ -370,7 +370,7 @@ async function addGlobalMcpServer(serverName, serverConfig) {
|
||||
|
||||
async function removeGlobalMcpServer(serverName) {
|
||||
try {
|
||||
const response = await fetch('/api/mcp-remove-global-server', {
|
||||
const response = await csrfFetch('/api/mcp-remove-global-server', {
|
||||
method: 'POST',
|
||||
headers: { 'Content-Type': 'application/json' },
|
||||
body: JSON.stringify({
|
||||
@@ -809,7 +809,7 @@ async function submitMcpCreateFromJson() {
|
||||
|
||||
for (const [name, config] of Object.entries(servers)) {
|
||||
try {
|
||||
const response = await fetch('/api/mcp-copy-server', {
|
||||
const response = await csrfFetch('/api/mcp-copy-server', {
|
||||
method: 'POST',
|
||||
headers: { 'Content-Type': 'application/json' },
|
||||
body: JSON.stringify({
|
||||
@@ -854,7 +854,7 @@ async function createMcpServerWithConfig(name, serverConfig, scope = 'project')
|
||||
|
||||
if (scope === 'codex') {
|
||||
// Create in Codex config.toml
|
||||
response = await fetch('/api/codex-mcp-add', {
|
||||
response = await csrfFetch('/api/codex-mcp-add', {
|
||||
method: 'POST',
|
||||
headers: { 'Content-Type': 'application/json' },
|
||||
body: JSON.stringify({
|
||||
@@ -864,7 +864,7 @@ async function createMcpServerWithConfig(name, serverConfig, scope = 'project')
|
||||
});
|
||||
scopeLabel = 'Codex';
|
||||
} else if (scope === 'global') {
|
||||
response = await fetch('/api/mcp-add-global-server', {
|
||||
response = await csrfFetch('/api/mcp-add-global-server', {
|
||||
method: 'POST',
|
||||
headers: { 'Content-Type': 'application/json' },
|
||||
body: JSON.stringify({
|
||||
@@ -874,7 +874,7 @@ async function createMcpServerWithConfig(name, serverConfig, scope = 'project')
|
||||
});
|
||||
scopeLabel = 'global';
|
||||
} else {
|
||||
response = await fetch('/api/mcp-copy-server', {
|
||||
response = await csrfFetch('/api/mcp-copy-server', {
|
||||
method: 'POST',
|
||||
headers: { 'Content-Type': 'application/json' },
|
||||
body: JSON.stringify({
|
||||
@@ -1006,7 +1006,7 @@ async function installCcwToolsMcp(scope = 'workspace') {
|
||||
|
||||
if (scope === 'global') {
|
||||
// Install to global (~/.claude.json mcpServers)
|
||||
const response = await fetch('/api/mcp-add-global-server', {
|
||||
const response = await csrfFetch('/api/mcp-add-global-server', {
|
||||
method: 'POST',
|
||||
headers: { 'Content-Type': 'application/json' },
|
||||
body: JSON.stringify({
|
||||
@@ -1028,7 +1028,7 @@ async function installCcwToolsMcp(scope = 'workspace') {
|
||||
} else {
|
||||
// Install to workspace (use preferredProjectConfigType)
|
||||
const configType = preferredProjectConfigType;
|
||||
const response = await fetch('/api/mcp-copy-server', {
|
||||
const response = await csrfFetch('/api/mcp-copy-server', {
|
||||
method: 'POST',
|
||||
headers: { 'Content-Type': 'application/json' },
|
||||
body: JSON.stringify({
|
||||
@@ -1074,7 +1074,7 @@ async function updateCcwToolsMcp(scope = 'workspace') {
|
||||
|
||||
if (scope === 'global') {
|
||||
// Update global (~/.claude.json mcpServers)
|
||||
const response = await fetch('/api/mcp-add-global-server', {
|
||||
const response = await csrfFetch('/api/mcp-add-global-server', {
|
||||
method: 'POST',
|
||||
headers: { 'Content-Type': 'application/json' },
|
||||
body: JSON.stringify({
|
||||
@@ -1096,7 +1096,7 @@ async function updateCcwToolsMcp(scope = 'workspace') {
|
||||
} else {
|
||||
// Update workspace (use preferredProjectConfigType)
|
||||
const configType = preferredProjectConfigType;
|
||||
const response = await fetch('/api/mcp-copy-server', {
|
||||
const response = await csrfFetch('/api/mcp-copy-server', {
|
||||
method: 'POST',
|
||||
headers: { 'Content-Type': 'application/json' },
|
||||
body: JSON.stringify({
|
||||
|
||||
@@ -415,7 +415,7 @@ async function cleanProjectStorage(projectId) {
|
||||
}
|
||||
|
||||
try {
|
||||
const res = await fetch('/api/storage/clean', {
|
||||
const res = await csrfFetch('/api/storage/clean', {
|
||||
method: 'POST',
|
||||
headers: { 'Content-Type': 'application/json' },
|
||||
body: JSON.stringify({ projectId })
|
||||
@@ -451,7 +451,7 @@ async function cleanAllStorageConfirm() {
|
||||
}
|
||||
|
||||
try {
|
||||
const res = await fetch('/api/storage/clean', {
|
||||
const res = await csrfFetch('/api/storage/clean', {
|
||||
method: 'POST',
|
||||
headers: { 'Content-Type': 'application/json' },
|
||||
body: JSON.stringify({ all: true })
|
||||
|
||||
@@ -568,7 +568,7 @@ async function executeSidebarUpdateTask(taskId) {
|
||||
}
|
||||
|
||||
try {
|
||||
const response = await fetch('/api/update-claude-md', {
|
||||
const response = await csrfFetch('/api/update-claude-md', {
|
||||
method: 'POST',
|
||||
headers: { 'Content-Type': 'application/json' },
|
||||
body: JSON.stringify({
|
||||
|
||||
Reference in New Issue
Block a user