feat: enhance CSRF token handling and add format=json to API requests

2025-01-06 14:49:23 -05:00
parent 128c33d9a1
commit 59b41c01df
3 changed files with 64 additions and 32 deletions
--- a/frontend/src/routes/api/[...path]/+server.ts
+++ b/frontend/src/routes/api/[...path]/+server.ts
@@ -53,18 +53,25 @@ async function handleRequest(

 	const headers = new Headers(request.headers);

+	// Delete existing csrf cookie by setting an expired date
+	cookies.delete('csrftoken', { path: '/' });
+
+	// Generate a new csrf token (using your existing fetchCSRFToken function)
 	const csrfToken = await fetchCSRFToken();
 	if (!csrfToken) {
 		return json({ error: 'CSRF token is missing or invalid' }, { status: 400 });
 	}

+	// Set the new csrf token in both headers and cookies
+	const cookieHeader = `csrftoken=${csrfToken}; Path=/; HttpOnly; SameSite=Lax`;
+
 	try {
 		const response = await fetch(targetUrl, {
 			method: request.method,
 			headers: {
 				...Object.fromEntries(headers),
 				'X-CSRFToken': csrfToken,
-				Cookie: `csrftoken=${csrfToken}`
+				Cookie: cookieHeader
 			},
 			body:
 				request.method !== 'GET' && request.method !== 'HEAD' ? await request.text() : undefined,