tractatus/public
TheFlow 6b79f9a155 fix(newsletter): resolve CSRF token issue for static HTML pages
Problem:
- nginx serves blog.html as static file, bypassing Express middleware
- setCsrfToken middleware never runs
- No CSRF cookie set
- Newsletter subscription fails with 403 Forbidden

Root cause:
nginx config: 'try_files $uri @proxy' serves static files directly
Location: /etc/nginx/sites-available/tractatus (line 54)

Solution:
1. blog.js now fetches CSRF token via /api/csrf-token on page load
2. getCsrfToken endpoint now creates token if missing (for static pages)
3. Newsletter form uses fetched token for subscription

Testing:
- Local test: CSRF token fetched successfully
- Newsletter subscription: Creates record in database
- Verified: test-fix@example.com subscribed via curl test

Impact:
- Newsletter subscriptions now work on production
- Fix applies to all static HTML pages (blog.html, etc.)
- Maintains CSRF protection security

Files:
- public/js/blog.js: Added fetchCsrfToken() + use in newsletter form
- src/middleware/csrf-protection.middleware.js: Enhanced getCsrfToken()

🤖 Generated with [Claude Code](https://claude.com/claude-code)

Co-Authored-By: Claude <noreply@anthropic.com>
2025-10-25 09:37:16 +13:00
.well-known fix(submissions): restructure Economist package and fix article display 2025-10-24 08:47:42 +13:00
about fix(submissions): restructure Economist package and fix article display 2025-10-24 08:47:42 +13:00
admin chore: bump cache version to 0.1.1 for JS changes 2025-10-25 08:47:54 +13:00
css fix(css): correct justify-center syntax error in loading overlay 2025-10-24 12:41:53 +13:00
demos fix(submissions): restructure Economist package and fix article display 2025-10-24 08:47:42 +13:00
docs fix(submissions): restructure Economist package and fix article display 2025-10-24 08:47:42 +13:00
downloads fix(submissions): restructure Economist package and fix article display 2025-10-24 08:47:42 +13:00
fonts fix(submissions): restructure Economist package and fix article display 2025-10-24 08:47:42 +13:00
images fix(submissions): restructure Economist package and fix article display 2025-10-24 08:47:42 +13:00
js fix(newsletter): resolve CSRF token issue for static HTML pages 2025-10-25 09:37:16 +13:00
koha feat(crm): complete Phase 3 multi-project CRM + critical bug fixes 2025-10-24 18:10:14 +13:00
locales fix(submissions): restructure Economist package and fix article display 2025-10-24 08:47:42 +13:00
about.html chore: bump cache version again 2025-10-25 08:48:14 +13:00
api-reference.html chore: bump cache version again 2025-10-25 08:48:14 +13:00
architecture.html fix(cache): update architecture.html cache version for interactive diagram 2025-10-24 18:28:42 +13:00
blog-post.html chore: bump cache version again 2025-10-25 08:48:14 +13:00
blog.html chore: bump cache version again 2025-10-25 08:48:14 +13:00
case-submission.html chore: bump cache version again 2025-10-25 08:48:14 +13:00
check-version.html chore: bump cache version again 2025-10-25 08:48:14 +13:00
docs-viewer.html chore: bump cache version again 2025-10-25 08:48:14 +13:00
docs.html chore: bump cache version again 2025-10-25 08:48:14 +13:00
faq.html chore: bump cache version again 2025-10-25 08:48:14 +13:00
favicon-new.svg fix(submissions): restructure Economist package and fix article display 2025-10-24 08:47:42 +13:00
favicon.ico fix(submissions): restructure Economist package and fix article display 2025-10-24 08:47:42 +13:00
favicon.svg fix(submissions): restructure Economist package and fix article display 2025-10-24 08:47:42 +13:00
implementer.html chore: bump cache version again 2025-10-25 08:48:14 +13:00
implementer.html.backup fix(submissions): restructure Economist package and fix article display 2025-10-24 08:47:42 +13:00
index.html chore: bump cache version again 2025-10-25 08:48:14 +13:00
koha.html chore: bump cache version again 2025-10-25 08:48:14 +13:00
leader.html chore: bump cache version again 2025-10-25 08:48:14 +13:00
manifest.json fix(submissions): restructure Economist package and fix article display 2025-10-24 08:47:42 +13:00
media-inquiry.html chore: bump cache version again 2025-10-25 08:48:14 +13:00
media-triage-transparency.html fix(submissions): restructure Economist package and fix article display 2025-10-24 08:47:42 +13:00
privacy.html chore: bump cache version again 2025-10-25 08:48:14 +13:00
researcher.html chore: bump cache version again 2025-10-25 08:48:14 +13:00
service-worker.js chore: bump cache version to 0.1.1 for JS changes 2025-10-25 08:47:54 +13:00
test-pressure-chart.html fix(submissions): restructure Economist package and fix article display 2025-10-24 08:47:42 +13:00
version.json chore: bump cache version again 2025-10-25 08:48:14 +13:00