Tools/Notes
1
0
Fork 0
mirror of https://github.com/TriliumNext/Notes.git synced 2025-08-10 02:02:29 +08:00
Code Issues Packages Projects Releases Wiki Activity
Notes/src/routes/csrf_protection.ts
Panagiotis Papadopoulos b6d73df92e feat(csrf_protection): use cookiePath from config
2025-02-10 19:03:10 +01:00

18 lines
607 B
TypeScript
Raw Blame History

import { doubleCsrf } from "csrf-csrf";
import sessionSecret from "../services/session_secret.js";
import { isElectron } from "../services/utils.js";
import config from "../services/config.js";
const doubleCsrfUtilities = doubleCsrf({
getSecret: () => sessionSecret,
cookieOptions: {
path: config.Cookies.cookiePath,
secure: false,
sameSite: "strict",
httpOnly: !isElectron // set to false for Electron, see https://github.com/TriliumNext/Notes/pull/966
},
cookieName: "_csrf"
});
export const { generateToken, doubleCsrfProtection } = doubleCsrfUtilities;
Reference in New Issue View Git Blame Copy Permalink