Add CSRF protection for cookie-authenticated requests

root
2026-03-23 16:20:26 +01:00
parent a3348e8795
commit fae7f80913
8 changed files with 139 additions and 17 deletions


@@ -127,10 +127,14 @@
const password = document.getElementById("password").value;
try {
const m = document.cookie.match('(^|;)\\s*csrf_token\\s*=\\s*([^;]+)');
const csrf = m ? m.pop() : '';
const res = await fetch("/api/auth/login", {
method: "POST",
headers: {
"Content-Type": "application/json"
"Content-Type": "application/json",
"X-CSRF-Token": csrf
},
body: JSON.stringify({
username: username,