CSRF implementation on server helpers

2026-02-08 02:33:01 +00:00 · 2026-01-09 05:34:48 +00:00
parent f7d4d6212d
commit e074500a77
13 changed files with 66 additions and 26 deletions
--- a/packages/frontend/src/lib/server/user/update.ts
+++ b/packages/frontend/src/lib/server/user/update.ts
@@ -1,4 +1,4 @@
-import { getAuthHeaders, getServerURL } from "@/lib/utils";
+import { getCsrfToken, getServerURL } from "@/lib/utils";
 import type { ServerQueryInput } from "..";

 export async function update({
@@ -20,8 +20,13 @@ export async function update({
    url.searchParams.set("password", password.trim());
    url.searchParams.set("avatarURL", avatarURL || "null");

+    const csrfToken = getCsrfToken();
+    const headers: HeadersInit = {};
+    if (csrfToken) headers["X-CSRF-Token"] = csrfToken;
+
    const res = await fetch(url.toString(), {
-        headers: getAuthHeaders(),
+        headers,
+        credentials: "include",
    });

    if (!res.ok) {