
Commit 86eff2e

committed
fix: Fix csrf token
1 parent 0680aad commit 86eff2e


2 files changed

+7
-2
lines changed


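--- a/config/env/.env.template
+++ b/config/env/.env.template
@@ -59,4 +59,7 @@ LOG_LEVEL=INFO
 
 # OpenTelemetry Configuration
 OTEL_SERVICE_NAME=otel-collector
-OTEL_EXPORTER_OTLP_ENDPOINT=http://otel-collector:4317
+OTEL_EXPORTER_OTLP_ENDPOINT=http://otel-collector:4317
+
+# CSRF token identifier
+CSRF_TOKEN_IDENTIFIER="LOCAL-XSRF-TOKEN"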
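Review bot: The new `CSRF_TOKEN_IDENTIFIER="LOCAL-XSRF-TOKEN"` entry is the only quoted value in the visible part of the template, and whether the quotes are stripped depends on what loads the file; a loader that passes them through would hand the middleware a cookie name containing `"`. Writing it unquoted like its neighbours, `CSRF_TOKEN_IDENTIFIER=LOCAL-XSRF-TOKEN`, avoids that. The comment could also say that this is the name of the cookie carrying the CSRF token and that the client must read the same name, e.g. `# Name of the cookie that carries the CSRF token (client must read the same name)`.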

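--- a/src/api/middleware/csrfMiddleware.ts
+++ b/src/api/middleware/csrfMiddleware.ts
@@ -10,8 +10,10 @@ const csrfMiddleware: RequestHandler = (req, res, next) => {
 if (!req.session.csrfToken) {
 req.session.csrfToken = tokens.secretSync();
 }
+
 // send token to client (either as a cookie or in locals for your /csrf-token endpoint)
-res.cookie('XSRF-TOKEN', tokens.create(req.session.csrfToken), {
+const cookieName = process.env.CSRF_TOKEN_IDENTIFIER || 'XSRF-TOKEN';
+res.cookie(cookieName, tokens.create(req.session.csrfToken), {
 // false so client-side can read it
 httpOnly: false,
 // if developing locally, set to insecure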
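Review bot: The cookie name on the added `const cookieName = process.env.CSRF_TOKEN_IDENTIFIER || 'XSRF-TOKEN';` line is read from the environment on every request and passed to `res.cookie` unchecked, so a value that is not a valid cookie name (stray quotes, spaces) would likely fail on each request instead of at startup. Resolve it once at module scope and validate it there, for example `if (!/^[A-Za-z0-9_-]+$/.test(cookieName)) throw new Error('invalid CSRF_TOKEN_IDENTIFIER');`. The client that echoes the token back has to read the same name; Angular and axios look for `XSRF-TOKEN` by default, so a deployment using the template's `LOCAL-XSRF-TOKEN` presumably needs matching client configuration, which this commit does not show. The handler begins above the hunk and the `res.cookie` options continue past it.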
