fix: added CSRF check for granting access via session authentication

2026-01-14 17:30:05 +00:00 · 2022-04-30 05:04:27 +05:00
parent d47ed6d0e8
commit b060ad1b8e
8 changed files with 37 additions and 14 deletions
--- a/api/src/routes/web/index.ts
+++ b/api/src/routes/web/index.ts
@@ -4,6 +4,13 @@ import webRouter from './web'

 const router = express.Router()

-router.use('/', csrfProtection, webRouter)
+router.use(csrfProtection)
+
+router.use(function (req, res, next) {
+  res.cookie('XSRF-TOKEN', req.csrfToken())
+  next()
+})
+
+router.use('/', webRouter)

 export default router