Return correct csrf tokens for REST requests

2025-04-04 18:10:56 +01:00 · 2023-08-21 20:02:36 -04:00 · 2023-08-21 20:02:36 -04:00 · b9e97c87ca
commit b9e97c87ca
parent 42efe99fbf
2 changed files with 2 additions and 9 deletions
--- a/src/api/status.ts
+++ b/src/api/status.ts
@ -3,12 +3,11 @@ import { Constants } from '../constants';
 import { fetchConversation } from '../fetch';
 import { linkFixer } from '../helpers/linkFixer';
 import { handleMosaic } from '../helpers/mosaic';
-import { colorFromPalette } from '../helpers/palette';
 import { translateTweet } from '../helpers/translate';
 import { unescapeText } from '../helpers/utils';
 import { processMedia } from '../helpers/media';
 import { convertToApiUser } from './user';
-import { isGraphQLTweet, isGraphQLTweetNotFoundResponse } from '../utils/graphql';
+import { isGraphQLTweet } from '../utils/graphql';

 /* This function does the heavy lifting of processing data from Twitter API
   and using it to create FixTweet's streamlined API responses */
--- a/src/fetch.ts
+++ b/src/fetch.ts
@ -6,12 +6,6 @@ import { isGraphQLTweet } from './utils/graphql';
 const API_ATTEMPTS = 3;
 let wasElongatorDisabled = false;

-function generateCSRFToken() {
-  const randomBytes = new Uint8Array(160 / 2);
-  crypto.getRandomValues(randomBytes);
-  return Array.from(randomBytes, byte => byte.toString(16).padStart(2, '0')).join('');
-}
-
 export const twitterFetch = async (
  url: string,
  event: FetchEvent,
@ -62,7 +56,7 @@ export const twitterFetch = async (
  while (apiAttempts < API_ATTEMPTS) {
    /* Generate a random CSRF token, Twitter just cares that header and cookie match,
    REST can use shorter csrf tokens (32 bytes) but graphql prefers 160 bytes */
-    const csrfToken = generateCSRFToken();
+    const csrfToken = crypto.randomUUID().replace(/-/g, '');

    const headers: Record<string, string> = {
      Authorization: Constants.GUEST_BEARER_TOKEN,