On mobile devices, clicking "Save as Smart View" button caused the search
input to lose focus, triggering the onBlur handler that closes the entire
search menu. The existing onMouseDown preventDefault() only worked for
mouse events, not touch events on mobile.
Added onTouchStart handler alongside onMouseDown to properly prevent
input blur on mobile devices when interacting with the search menu.
Fixes#994
This commit implements CSRF token support for all session-based API
requests to fix the "CSRF token missing" and "CSRF token mismatch" errors
introduced after CSRF protection was added in commit 62c4cc84.
Changes:
- Created csrfService.ts utility for fetching and caching CSRF tokens
- Added getPostHeadersWithCsrf() helper to authUtils for async token injection
- Updated all service files (*Service.ts) to include CSRF tokens in POST/PUT/PATCH/DELETE requests
- Updated components with inline fetch calls to use getCsrfToken()
- Fixed CSRF middleware to use single lusca instance instead of creating new instances per request
- Improved generateToken() to use req.csrfToken() when available
- Added CalDAV path exemption to CSRF protection
Technical details:
- CSRF tokens are fetched from /api/csrf-token endpoint
- Tokens are cached and reused across requests to avoid unnecessary fetches
- Tokens are included in x-csrf-token header for state-changing requests
- Public endpoints (login, register) remain exempt from CSRF protection
- Bearer token authentication remains exempt from CSRF protection
Files modified:
- Backend: app.js, middleware/csrf.js
- Frontend: 13 service files, 8 component files
- New file: frontend/utils/csrfService.ts
This ensures all session-based requests properly include CSRF tokens while
maintaining support for API token authentication.
* Global search scaffold
* Add search preview text
* Add generic fallback for preview text in search
* fixup! Add generic fallback for preview text in search
* Add more tweaks
* fixup! Add more tweaks
* Fix an issue with criteria
* fixup! Fix an issue with criteria
* fixup! fixup! Fix an issue with criteria
* fixup! fixup! fixup! Fix an issue with criteria
* Fix an issue with priority filter
* fixup! Fix an issue with priority filter
* Add sortable pins
* fixup! Add sortable pins
* Make options collapsed by default
* Tweak UI
* Add tests
* Add translations
* Add more translations
* fixup! Add more translations
* Add minor tweaks
