From b9e97c87cafc123955eb0af64a19cbd494358dd6 Mon Sep 17 00:00:00 2001
From: dangered wolf
Date: Mon, 21 Aug 2023 20:02:36 -0400
Subject: [PATCH] Return correct csrf tokens for REST requests
---
 src/api/status.ts | 3 +--
 src/fetch.ts | 8 +-------
 2 files changed, 2 insertions(+), 9 deletions(-)
diff --git a/src/api/status.ts b/src/api/status.ts
index e5e0ef6..1b9bc06 100644
--- a/src/api/status.ts
+++ b/src/api/status.ts
@@ -3,12 +3,11 @@ import { Constants } from '../constants';
 import { fetchConversation } from '../fetch';
 import { linkFixer } from '../helpers/linkFixer';
 import { handleMosaic } from '../helpers/mosaic';
-import { colorFromPalette } from '../helpers/palette';
 import { translateTweet } from '../helpers/translate';
 import { unescapeText } from '../helpers/utils';
 import { processMedia } from '../helpers/media';
 import { convertToApiUser } from './user';
-import { isGraphQLTweet, isGraphQLTweetNotFoundResponse } from '../utils/graphql';
+import { isGraphQLTweet } from '../utils/graphql';
 /* This function does the heavy lifting of processing data from Twitter API and using it to create FixTweet's streamlined API responses */
diff --git a/src/fetch.ts b/src/fetch.ts
index 21bfec4..149ee61 100644
--- a/src/fetch.ts
+++ b/src/fetch.ts
@@ -6,12 +6,6 @@ import { isGraphQLTweet } from './utils/graphql';
 const API_ATTEMPTS = 3;
 let wasElongatorDisabled = false;
-function generateCSRFToken() {
- const randomBytes = new Uint8Array(160 / 2);
- crypto.getRandomValues(randomBytes);
- return Array.from(randomBytes, byte => byte.toString(16).padStart(2, '0')).join('');
-}
-
 export const twitterFetch = async (
 url: string,
 event: FetchEvent,
@@ -62,7 +56,7 @@ export const twitterFetch = async (
 while (apiAttempts < API_ATTEMPTS) {
 /* Generate a random CSRF token, Twitter just cares that header and cookie match, REST can use shorter csrf tokens (32 bytes) but graphql prefers 160 bytes */
- const csrfToken = generateCSRFToken();
+ const csrfToken = crypto.randomUUID().replace(/-/g, '');
 const headers: Record = {
 Authorization: Constants.GUEST_BEARER_TOKEN,
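Review bot: The comment kept just above the changed line in the `while` loop is now stale: it still says GraphQL prefers 160, but `crypto.randomUUID().replace(/-/g, '')` always produces 32 hex characters (16 bytes with 122 random bits, so "32 bytes" is also off) for every request routed through `twitterFetch`. If GraphQL calls share this loop, as the comment implies but the hunk does not show, it is worth confirming they still accept the shorter value. I would reword it to `/* Twitter only checks that the CSRF header and cookie match; a dash-stripped UUID gives the 32 hex chars REST expects */` and add that this is an echo value for the upstream API, not a CSRF defence for this service, so the pattern is not copied where an unguessable per-session token is needed. The body of `twitterFetch` starts and ends outside the hunk.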