fix(security): replace getQuery with frontend equivalent
This commit is contained in:
parent
4267221970
commit
c729972325
|
@ -201,22 +201,11 @@ App::get('/auth/magic-url')
|
|||
->groups(['web', 'home'])
|
||||
->label('permission', 'public')
|
||||
->label('scope', 'home')
|
||||
->inject('request')
|
||||
// ->inject('response')
|
||||
->inject('layout')
|
||||
->action(function ($request, $layout) {
|
||||
/** @var Utopia\Swoole\Request $request */
|
||||
/** @var Utopia\Swoole\Response $response */
|
||||
->action(function ($layout) {
|
||||
/** @var Utopia\View $layout */
|
||||
|
||||
$page = new View(__DIR__.'/../../views/home/auth/magicURL.phtml');
|
||||
|
||||
$userId = $request->getQuery('userId');
|
||||
$secret = $request->getQuery('secret');
|
||||
$project = $request->getQuery('project');
|
||||
$page
|
||||
->setParam('userId', $userId)
|
||||
->setParam('secret', $secret)
|
||||
->setParam('project', $project);
|
||||
|
||||
$layout
|
||||
->setParam('title', APP_NAME)
|
||||
|
|
|
@ -10,11 +10,14 @@
|
|||
document.getElementById('message').style.display = 'block';
|
||||
}, 25);
|
||||
|
||||
<?php echo "const userId = '" . $this->getParam('userId') . "';"; ?>
|
||||
<?php echo "const secret = '" . $this->getParam('secret') . "';"; ?>
|
||||
<?php echo "const project = '" . $this->getParam('project') . "';"; ?>
|
||||
const urlSearchParams = new URLSearchParams(window.location.search);
|
||||
const {
|
||||
userId,
|
||||
secret,
|
||||
project
|
||||
} = Object.fromEntries(urlSearchParams.entries());
|
||||
|
||||
const formData = new FormData();
|
||||
const formData = new FormData();
|
||||
formData.append('userId', userId);
|
||||
formData.append('secret', secret);
|
||||
|
||||
|
|
Loading…
Reference in a new issue