From b6d73df92e70c642935da85e8a95d3305f81c0c8 Mon Sep 17 00:00:00 2001
From: Panagiotis Papadopoulos <pano_90@gmx.net>
Date: Mon, 10 Feb 2025 08:48:40 +0100
Subject: [PATCH] feat(csrf_protection): use cookiePath from config

---
 src/routes/csrf_protection.ts | 3 ++-
 1 file changed, 2 insertions(+), 1 deletion(-)

diff --git a/src/routes/csrf_protection.ts b/src/routes/csrf_protection.ts
index 225651631..e9cd55f26 100644
--- a/src/routes/csrf_protection.ts
+++ b/src/routes/csrf_protection.ts
@@ -1,11 +1,12 @@
 import { doubleCsrf } from "csrf-csrf";
 import sessionSecret from "../services/session_secret.js";
 import { isElectron } from "../services/utils.js";
+import config from "../services/config.js";
 
 const doubleCsrfUtilities = doubleCsrf({
     getSecret: () => sessionSecret,
     cookieOptions: {
-        path: "", // empty, so cookie is valid only for the current path
+        path: config.Cookies.cookiePath,
         secure: false,
         sameSite: "strict",
         httpOnly: !isElectron // set to false for Electron, see https://github.com/TriliumNext/Notes/pull/966