Security fixes (#8081)

* use safeloader * use json responses wherever possible * remove CORS and add CSRF token * formatting fixes * add envjs back * fix baseurl test
2023-10-06 22:20:30 -05:00
parent 9a4f970337
commit 14d2b79c72
24 changed files with 1357 additions and 488 deletions
--- a/web/src/api/index.jsx
+++ b/web/src/api/index.jsx
@@ -5,6 +5,9 @@ import { WsProvider } from './ws';
 import axios from 'axios';

 axios.defaults.baseURL = `${baseUrl}api/`;
+axios.defaults.headers.common = {
+  'X-CSRF-TOKEN': 1,
+};

 export function ApiProvider({ children, options }) {
  return (