Update csrf-sync to fallback to _csrf query param

2025-11-01 11:35:55 +01:00 · 2023-02-01 23:13:18 +10:30
parent bb0397cbc8
commit f553da48e1
1 changed files with 7 additions and 0 deletions
--- a/src/middleware/csrf.js
+++ b/src/middleware/csrf.js
@@ -6,6 +6,13 @@ const {
 	generateToken,
 	csrfSynchronisedProtection,
 } = csrfSync({
+	getTokenFromRequest: (req) => {
+		if (req.headers['x-csrf-token']) {
+			return req.headers['x-csrf-token'];
+		} else if (req.query) {
+			return req.query._csrf;
+		}
+	},
 	size: 64,
 });