fix: correct HTTP headers for LeetCode API authentication

The login flow was failing because the HTTP request headers sent to
LeetCode's GraphQL API were incorrect:

- 'referer' was set to 'vscode-lc-extension' instead of a valid URL
- Missing 'Origin' header required by LeetCode's CORS policy
- Missing 'User-Agent' header causing Cloudflare to block requests
- CSRF token was not being extracted from cookie and sent as X-CSRFToken
- Removed xsrfCookieName/xsrfHeaderName which only work in browser context

Fixes #478

Author: Contributor

src/utils/httpUtils.ts

@@ -1,9 +1,13 @@
 import axios, { AxiosRequestConfig, AxiosPromise } from "axios";
 import { omit } from "lodash";
 import { globalState } from "../globalState";
+import { getUrl } from "../shared";
 import { DialogType, promptForOpenOutputChannel } from "./uiUtils";
 
-const referer = "vscode-lc-extension";
+function extractCsrfToken(cookie: string): string {
+    const match = cookie.match(/csrftoken=([^;]+)/);
+    return match ? match[1] : "";
+}
 
 export function LcAxios<T = any>(path: string, settings?: AxiosRequestConfig): AxiosPromise<T> {
     const cookie = globalState.getCookie();
@@ -14,15 +18,21 @@ export function LcAxios<T = any>(path: string, settings?: AxiosRequestConfig): A
         );
         return Promise.reject("Failed to obtain the cookie.");
     }
+
+    const baseUrl = getUrl("base");
+    const csrfToken = extractCsrfToken(cookie);
+
     return axios(path, {
         headers: {
-            referer,
+            "Origin": baseUrl,
+            "Referer": baseUrl,
+            "User-Agent": "Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/120.0.0.0 Safari/537.36",
             "content-type": "application/json",
-            cookie,
+            "cookie": cookie,
+            "X-CSRFToken": csrfToken,
+            "X-Requested-With": "XMLHttpRequest",
             ...(settings && settings.headers),
         },
-        xsrfCookieName: "csrftoken",
-        xsrfHeaderName: "X-CSRFToken",
         ...(settings && omit(settings, "headers")),
     });
 }