CSRF token missing from API calls, resulting in 403 Forbidden on page downloads

[asdf1324]

When you click on the download all button, nothing happens and you can observe that the API request has failed with 403 forbidden in the console log;

Comparing the request headers of the succeeded request from the page (left) and the failed request from the extension (right), one can observe that there is a x-csrf-token header missing from the request created by the extension.

The CSRF token can be found in the page's HTML source.

[asdf1324]

Last time I used the tool was 6 days ago and it worked fine then, so this must be a recent change.

Modifying fetchPostData like this makes it work again (not that it's an elegant solution, by any means)

...
let csrfToken = (document.getElementsByName("csrf-token")[0] as HTMLMetaElement).content
const json = await ky.get(`https://fantia.jp/api/v1/posts/${id}`, {"headers": {"x-csrf-token": csrfToken}}).json<PostDataResponse>()
...

[mnao305]

週末直せたら直します。
時間がなくて直せなかった:cry: 今週末こそ直します。PRもお待ちしています:pray:

[mnao305]

v3.5.3としてストアにアップロードしました。Googleの審査完了まで少々お待ちください:pray:

[asdf1324]

対応ありがとうございます！TSやJSにはあまり自信がなくてPR送るのは無理でした😅

[mnao305]

v3.5.3として公開され、問題なくダウンロードできることが確認できました！

また何かあればお気軽にIssueを立ててください:bow: