Merge commit from fork

* (security) Mandate content-type on POST calls

* (security) Add JSON content-type in POST requests with a body

* Added Content Type on missing endpoints

* (review) docs and newlines

* (docs) add JSON content type header

* style(clang-format): fix lint errors

---------

Co-authored-by: axfla <axfla@hotmail.fr>
Co-authored-by: ReenigneArcher <42013603+ReenigneArcher@users.noreply.github.com>

src_assets/common/assets/web/apps.html

@@ -440,7 +440,12 @@
           "Are you sure to delete " + this.apps[id].name + "?"
         );
         if (resp) {
-          fetch("./api/apps/" + id, { method: "DELETE" }).then((r) => {
+          fetch("./api/apps/" + id, {
+            method: "DELETE",
+            headers: { 
+              "Content-Type": "application/json" 
+            },
+          }).then((r) => {
             if (r.status === 200) document.location.reload();
           });
         }
@@ -540,6 +545,9 @@
         this.coverFinderBusy = true;
         fetch("./api/covers/upload", {
           method: "POST",
+          headers: {
+            'Content-Type': 'application/json'
+          },
           body: JSON.stringify({
             key: cover.key,
             url: cover.saveUrl,
@@ -555,6 +563,9 @@
         this.editForm["image-path"] = this.editForm["image-path"].toString().replace(/"/g, '');
         fetch("./api/apps", {
           method: "POST",
+          headers: {
+            'Content-Type': 'application/json'
+          },
           body: JSON.stringify(this.editForm),
         }).then((r) => {
           if (r.status === 200) document.location.reload();

src_assets/common/assets/web/config.html

@@ -371,6 +371,9 @@
 
         return fetch("./api/config", {
           method: "POST",
+          headers: {
+            'Content-Type': 'application/json'
+          },
           body: JSON.stringify(config),
         }).then((r) => {
           if (r.status === 200) {
@@ -393,7 +396,10 @@
               this.saved = this.restarted = false;
             }, 5000);
             fetch("./api/restart", {
-              method: "POST"
+              method: "POST",
+              headers: {
+                "Content-Type": "application/json"
+              }
             });
           }
         });

src_assets/common/assets/web/password.html

@@ -92,6 +92,9 @@
         this.error = null;
         fetch("./api/password", {
           method: "POST",
+          headers: {
+            'Content-Type': 'application/json'
+          },
           body: JSON.stringify(this.passwordData),
         }).then((r) => {
           if (r.status === 200) {

src_assets/common/assets/web/pin.html

@@ -39,7 +39,13 @@
         let name = document.querySelector("#name-input").value;
         document.querySelector("#status").innerHTML = "";
         let b = JSON.stringify({pin: pin, name: name});
-        fetch("./api/pin", {method: "POST", body: b})
+        fetch("./api/pin", {
+          method: "POST", 
+          headers: {
+            'Content-Type': 'application/json'
+          }, 
+          body: b
+        })
           .then((response) => response.json())
           .then((response) => {
             if (response.status === true) {

src_assets/common/assets/web/troubleshooting.html

@@ -207,7 +207,11 @@
         },
         closeApp() {
           this.closeAppPressed = true;
-          fetch("./api/apps/close", { method: "POST" })
+          fetch("./api/apps/close", { 
+            method: "POST",
+            headers: {
+                "Content-Type": "application/json"
+            } })
             .then((r) => r.json())
             .then((r) => {
               this.closeAppPressed = false;
@@ -219,7 +223,12 @@
         },
         unpairAll() {
           this.unpairAllPressed = true;
-          fetch("./api/clients/unpair-all", { method: "POST" })
+          fetch("./api/clients/unpair-all", { 
+            method: "POST",
+            headers: {
+                "Content-Type": "application/json"
+            }
+           })
             .then((r) => r.json())
             .then((r) => {
               this.unpairAllPressed = false;
@@ -231,7 +240,13 @@
             });
         },
         unpairSingle(uuid) {
-          fetch("./api/clients/unpair", { method: "POST", body: JSON.stringify({ uuid }) }).then(() => {
+          fetch("./api/clients/unpair", { 
+            method: "POST", 
+            headers: {
+              'Content-Type': 'application/json'
+            }, 
+            body: JSON.stringify({ uuid }) 
+          }).then(() => {
             this.showApplyMessage = true;
             this.refreshClients();
           });
@@ -263,11 +278,19 @@
           }, 5000);
           fetch("./api/restart", {
             method: "POST",
+            headers: {
+                "Content-Type": "application/json"
+            }
           });
         },
         ddResetPersistence() {
           this.ddResetPressed = true;
-          fetch("/api/reset-display-device-persistence", { method: "POST" })
+          fetch("/api/reset-display-device-persistence", { 
+            method: "POST",
+            headers: { 
+              "Content-Type": "application/json" 
+            } 
+          })
             .then((r) => r.json())
             .then((r) => {
               this.ddResetPressed = false;

src_assets/common/assets/web/welcome.html

@@ -78,6 +78,9 @@
         this.loading = true;
         fetch("./api/password", {
           method: "POST",
+          headers: {
+            'Content-Type': 'application/json'
+          },
           body: JSON.stringify(this.passwordData),
         }).then((r) => {
           this.loading = false;