Merge commit from fork

* (security) Mandate content-type on POST calls * (security) Add JSON content-type in POST requests with a body * Added Content Type on missing endpoints * (review) docs and newlines * (docs) add JSON content type header * style(clang-format): fix lint errors --------- Co-authored-by: axfla <axfla@hotmail.fr> Co-authored-by: ReenigneArcher <42013603+ReenigneArcher@users.noreply.github.com>
2025-06-27 22:57:59 +02:00
parent d6820ba019
commit 738ac93a0e
8 changed files with 127 additions and 8 deletions
--- a/src_assets/common/assets/web/troubleshooting.html
+++ b/src_assets/common/assets/web/troubleshooting.html
@@ -207,7 +207,11 @@
        },
        closeApp() {
          this.closeAppPressed = true;
-          fetch("./api/apps/close", { method: "POST" })
+          fetch("./api/apps/close", { 
+            method: "POST",
+            headers: {
+                "Content-Type": "application/json"
+            } })
            .then((r) => r.json())
            .then((r) => {
              this.closeAppPressed = false;
@@ -219,7 +223,12 @@
        },
        unpairAll() {
          this.unpairAllPressed = true;
-          fetch("./api/clients/unpair-all", { method: "POST" })
+          fetch("./api/clients/unpair-all", { 
+            method: "POST",
+            headers: {
+                "Content-Type": "application/json"
+            }
+           })
            .then((r) => r.json())
            .then((r) => {
              this.unpairAllPressed = false;
@@ -231,7 +240,13 @@
            });
        },
        unpairSingle(uuid) {
-          fetch("./api/clients/unpair", { method: "POST", body: JSON.stringify({ uuid }) }).then(() => {
+          fetch("./api/clients/unpair", { 
+            method: "POST", 
+            headers: {
+              'Content-Type': 'application/json'
+            }, 
+            body: JSON.stringify({ uuid }) 
+          }).then(() => {
            this.showApplyMessage = true;
            this.refreshClients();
          });
@@ -263,11 +278,19 @@
          }, 5000);
          fetch("./api/restart", {
            method: "POST",
+            headers: {
+                "Content-Type": "application/json"
+            }
          });
        },
        ddResetPersistence() {
          this.ddResetPressed = true;
-          fetch("/api/reset-display-device-persistence", { method: "POST" })
+          fetch("/api/reset-display-device-persistence", { 
+            method: "POST",
+            headers: { 
+              "Content-Type": "application/json" 
+            } 
+          })
            .then((r) => r.json())
            .then((r) => {
              this.ddResetPressed = false;