diff --git a/src/porchlight/static/webauthn.js b/src/porchlight/static/webauthn.js
index c2dd181..0ed2a50 100644
--- a/src/porchlight/static/webauthn.js
+++ b/src/porchlight/static/webauthn.js
@@ -14,6 +14,11 @@ function bytesToBase64url(bytes) {
 return btoa(raw).replace(/\+/g, '-').replace(/\//g, '_').replace(/=+$/, '');
 }
+function getCsrfToken() {
+ const meta = document.querySelector('meta[name="csrf-token"]');
+ return meta ? meta.getAttribute('content') : '';
+}
+
 async function beginRegistration() {
 const statusEl = document.getElementById('webauthn-status');
@@ -21,7 +26,7 @@ async function beginRegistration() {
 // Step 1: Get options from server
 const beginRes = await fetch('/manage/credentials/webauthn/begin', {
 method: 'POST',
- headers: { 'Content-Type': 'application/json' },
+ headers: { 'Content-Type': 'application/json', 'X-CSRF-Token': getCsrfToken() },
 });
 if (!beginRes.ok) {
 if (statusEl) statusEl.innerHTML = '
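Review bot: `getCsrfToken` in the first hunk returns `null` rather than `''` when the meta tag exists but has no `content` attribute, because `getAttribute` yields `null` for a missing attribute, and fetch then sends the literal header value `null` to `/manage/credentials/webauthn/begin`; `return meta?.getAttribute('content') ?? '';` covers both the missing-tag and missing-attribute cases. A missing or empty token silently produces a request the server will presumably reject with a generic failure, so consider logging a `console.warn` when the token is empty so a misconfigured template is diagnosable from the browser console. The helper also lacks a JSDoc header; a comment such as `/** Reads the per-page CSRF token from <meta name="csrf-token">; returns '' when absent. @returns {string} */` would document the contract. The second hunk adds the header only to the begin request; if the later finish/verify POST in `beginRegistration` (outside this hunk) does not already carry `X-CSRF-Token`, it needs the same treatment.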
This application is requesting access to your account.