Improve security
@@ -16,7 +16,7 @@ const navTitleVisible = ref(true) // whether AppNav's "RSS Reader (N)" title is
|
||||
let observer; // Declare observer outside the setup function
|
||||
let initialLoad = false
|
||||
|
||||
function authHeaders() {
|
||||
export function authHeaders() {
|
||||
return {
|
||||
headers: {
|
||||
'Content-Type': 'application/json',
|
||||
@@ -25,6 +25,20 @@ function authHeaders() {
|
||||
}
|
||||
}
|
||||
|
||||
// Tells the server to revoke the current token (bumps token_version, so any
|
||||
// other outstanding tokens for this account are invalidated too) before
|
||||
// clearing the local session. Best-effort: if the request fails (e.g. the
|
||||
// token already expired) the local session is cleared regardless.
|
||||
export async function logout() {
|
||||
try {
|
||||
await axios.post('/api/v1/auth/logout', null, authHeaders())
|
||||
} catch (error) {
|
||||
console.error('Error logging out', error)
|
||||
}
|
||||
localStorage.removeItem('user-token')
|
||||
localStorage.removeItem('user-id')
|
||||
}
|
||||
|
||||
// Some feeds (e.g. Deutsche Welle) ship <img> tags whose `src` and various
|
||||
// lazy-load attributes (`data-url`, `data-src`, `srcset`, ...) contain an
|
||||
// unresolved `${placeholderName}` template — or its URL-encoded `%7B...%7D`
|
||||
|
||||
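Review bot: In `logout()`, a failed revocation looks the same as a successful one to the caller, because the catch only logs; after a network error the server-side token stays valid until it expires while the client already shows a logged-out state. Consider returning the outcome (`return true` after the post, `return false` in the catch) so the caller can warn the user or retry. The post also sets no timeout, so the two `localStorage.removeItem` calls wait on a stalled request; a bound such as `{ ...authHeaders(), timeout: 5000 }` (value illustrative) keeps the local cleanup prompt. Logging the whole axios `error` may also write the request config, including whatever auth header `authHeaders()` sets, to the console; its body is only partly visible here, so confirm this and log `error.message` instead if it does.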