Tools/Notes
1
0
Fork 0
mirror of https://github.com/TriliumNext/Notes.git synced 2025-08-08 17:22:29 +08:00
Code Issues Packages Projects Releases Wiki Activity

feat(csrf_protection): use cookiePath from config

Browse Source
This commit is contained in:
Panagiotis Papadopoulos 2025-02-10 08:48:40 +01:00
parent a600568ab8
commit b6d73df92e
1 changed files with 2 additions and 1 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

3
src/routes/csrf_protection.ts
View File

@ -1,11 +1,12 @@
import { doubleCsrf } from "csrf-csrf"; import { doubleCsrf } from "csrf-csrf";
import sessionSecret from "../services/session_secret.js"; import sessionSecret from "../services/session_secret.js";
import { isElectron } from "../services/utils.js"; import { isElectron } from "../services/utils.js";
import config from "../services/config.js";
const doubleCsrfUtilities = doubleCsrf({ const doubleCsrfUtilities = doubleCsrf({
getSecret: () => sessionSecret, getSecret: () => sessionSecret,
cookieOptions: { cookieOptions: {
path: "", // empty, so cookie is valid only for the current path path: config.Cookies.cookiePath,
secure: false, secure: false,
sameSite: "strict", sameSite: "strict",
httpOnly: !isElectron // set to false for Electron, see https://github.com/TriliumNext/Notes/pull/966 httpOnly: !isElectron // set to false for Electron, see https://github.com/TriliumNext/Notes/pull/966