Tools/Notes
1
0
Fork 0
mirror of https://github.com/TriliumNext/Notes.git synced 2025-08-24 21:26:30 +08:00
Code Issues Packages Projects Releases Wiki Activity
10,407 Commits 21 Branches 339 Tags
Commit Graph

4 Commits

Author SHA1 Message Date
Panagiotis Papadopoulos
9382c278b3 fix(csrf): add exception for electron for httpOnly cookie 
it does not seem to like having httpOnly set in electron
 2025-01-17 17:26:52 +01:00
Panagiotis Papadopoulos
5f605b3a91 fix(csrf): set more secure cookieOptions settings 
- `sameSite` - previous setting inherited from csurf was to simply not set it at all, which makes all browser nag in their dev console output.
They will default to "Lax" for these type of cookies in the future.
We can even use "strict" here though for our use case:
https://developer.mozilla.org/en-US/docs/Web/HTTP/Headers/Set-Cookie#samesitesamesite-value

- `httpOnly`: should be enabled for the csrf cookie as well
for the session cookie it already is enabled.
https://developer.mozilla.org/en-US/docs/Web/HTTP/Headers/Set-Cookie#httponly
 2025-01-16 21:40:12 +01:00
Panagiotis Papadopoulos
6dd8ab31d5 refactor(csrf): export generateToken utility 2025-01-16 20:14:23 +01:00
Panagiotis Papadopoulos
e3d89ce2a5 refactor(csrf): move csrf to own file 2025-01-16 20:14:23 +01:00