Tools/Notes
1
0
Fork 0
mirror of https://github.com/TriliumNext/Notes.git synced 2025-10-29 11:44:21 +08:00
Code Issues Packages Projects Releases Wiki Activity

server: Fix CSRF on mobile reload (closes #318)

Browse Source
This commit is contained in:
Elian Doran 2024-08-14 18:59:02 +03:00
parent a9b094bf27
commit 07fb8c072d
No known key found for this signature in database
1 changed files with 5 additions and 0 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

5
src/routes/index.ts
View File

@ -23,6 +23,11 @@ function index(req: Request, res: Response) {
const csrfToken = req.csrfToken(); const csrfToken = req.csrfToken();
log.info(`Generated CSRF token ${csrfToken} with secret ${res.getHeader('set-cookie')}`); log.info(`Generated CSRF token ${csrfToken} with secret ${res.getHeader('set-cookie')}`);
// We force the page to not be cached since on mobile the CSRF token can be
// broken when closing the browser and coming back in to the page.
// The page is restored from cache, but the API call fail.
res.setHeader("Cache-Control", "no-cache, no-store, must-revalidate");
res.render(view, { res.render(view, {
csrfToken: csrfToken, csrfToken: csrfToken,
themeCssUrl: getThemeCssUrl(options.theme), themeCssUrl: getThemeCssUrl(options.theme),