mirror of
https://github.com/zadam/trilium.git
synced 2025-11-17 14:19:14 +08:00
a979e87a7f
this option will currently not work => the cookie will never be set by the server, if you use a different path other than "/" in order for this to work we would need to introduce some kind of "custom route prefix", that would make express serve the routes with the custom prefix — but that kinda falls more into a reverse proxy job territory. So let's remove this feature for now and amend the docs on how to correctly handle the cookies per instance via the reverse proxy.
16 lines
541 B
TypeScript
16 lines
541 B
TypeScript
import { doubleCsrf } from "csrf-csrf";
|
|
import sessionSecret from "../services/session_secret.js";
|
|
import { isElectron } from "../services/utils.js";
|
|
|
|
const doubleCsrfUtilities = doubleCsrf({
|
|
getSecret: () => sessionSecret,
|
|
cookieOptions: {
|
|
path: "/",
|
|
secure: false,
|
|
sameSite: "strict",
|
|
httpOnly: !isElectron // set to false for Electron, see https://github.com/TriliumNext/Notes/pull/966
|
|
},
|
|
cookieName: "_csrf"
|
|
});
|
|
|
|
export const { generateToken, doubleCsrfProtection } = doubleCsrfUtilities;
|