prevent comment attachment to be abused

This commit is contained in:
2026-05-29 18:38:26 +02:00
parent 86085c435a
commit f79e4d6f32
3 changed files with 143 additions and 1 deletions

View File

@@ -2548,6 +2548,19 @@ class CommentSystem {
}
}
}
// Fire-and-forget: tell the server to delete the orphaned upload record.
// Only possible once upload has finished (fileId is set); silently ignored on failure —
// the server-side orphan sweep will clean up any leftovers after 1 hour.
const fileId = previewItem.dataset.fileId;
if (fileId) {
const csrf = (window.f0ckSession || {}).csrf_token || '';
fetch(`/api/v2/comments/upload/${fileId}`, {
method: 'DELETE',
headers: csrf ? { 'X-CSRF-Token': csrf } : {}
}).catch(() => {});
}
previewItem.remove();
}
return;