Improve security

2026-06-12 19:22:07 +02:00
parent 0820ce6ef7
commit b457b8abaa
31 changed files with 1266 additions and 169 deletions
+15 -1
@@ -16,7 +16,7 @@ const navTitleVisible = ref(true) // whether AppNav's "RSS Reader (N)" title is
let observer; // Declare observer outside the setup function
let initialLoad = false
function authHeaders() {
export function authHeaders() {
return {
headers: {
'Content-Type': 'application/json',
@@ -25,6 +25,20 @@ function authHeaders() {
}
}
// Tells the server to revoke the current token (bumps token_version, so any
// other outstanding tokens for this account are invalidated too) before
// clearing the local session. Best-effort: if the request fails (e.g. the
// token already expired) the local session is cleared regardless.
export async function logout() {
try {
await axios.post('/api/v1/auth/logout', null, authHeaders())
} catch (error) {
console.error('Error logging out', error)
}
localStorage.removeItem('user-token')
localStorage.removeItem('user-id')
}
// Some feeds (e.g. Deutsche Welle) ship <img> tags whose `src` and various
// lazy-load attributes (`data-url`, `data-src`, `srcset`, ...) contain an
// unresolved `${placeholderName}` template — or its URL-encoded `%7B...%7D`
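Review bot: In `logout()` the two `localStorage.removeItem` calls only run once `axios.post` has settled, and the request carries no `timeout`, so a stalled connection keeps `user-token` in storage for as long as the request is pending. Build the config before the `try` with `const cfg = { ...authHeaders(), timeout: 5000 }` (the value is a placeholder), clear both keys next, and then `await axios.post('/api/v1/auth/logout', null, cfg)`; this assumes `authHeaders()` reads the token from storage at call time, which its body (cut off between the two hunks) does not show. The `catch` also treats every failure like an expired token: a network error or a 5xx response leaves the token valid on the server with nothing but a console line, so consider returning `true`/`false` from `logout()` so the caller can tell the user that revocation did not go through.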