From fa8d7b42231b455a2878df7cc5686ef95bb64882 Mon Sep 17 00:00:00 2001
From: cirroskais
Date: Fri, 2 Aug 2024 10:56:30 -0400
Subject: [PATCH] set samesite to strict
---
 src/{hooks.server.js => hooks.server.ts} | 0
 src/routes/api/v1/auth/login/+server.ts | 2 +-
 src/routes/api/v1/auth/register/+server.ts | 2 +-
 svelte.config.js | 3 ++-
 4 files changed, 4 insertions(+), 3 deletions(-)
 rename src/{hooks.server.js => hooks.server.ts} (100%)
diff --git a/src/hooks.server.js b/src/hooks.server.ts
similarity index 100%
rename from src/hooks.server.js
rename to src/hooks.server.ts
diff --git a/src/routes/api/v1/auth/login/+server.ts b/src/routes/api/v1/auth/login/+server.ts
index 1cc1f08..1c4219a 100644
--- a/src/routes/api/v1/auth/login/+server.ts
+++ b/src/routes/api/v1/auth/login/+server.ts
@@ -24,7 +24,7 @@ export async function POST({ request, cookies }) {
 const session = await createSession(user.id);
- cookies.set(COOKIE, session.id, { path: '/' });
+ cookies.set(COOKIE, session.id, { path: '/', sameSite: 'strict' });
 return json(
 {
diff --git a/src/routes/api/v1/auth/register/+server.ts b/src/routes/api/v1/auth/register/+server.ts
index be8b459..baedbcc 100644
--- a/src/routes/api/v1/auth/register/+server.ts
+++ b/src/routes/api/v1/auth/register/+server.ts
@@ -19,7 +19,7 @@ export async function POST({ request, cookies }) {
 const user = await createUser(username, email, password);
 const session = await createSession(user.id);
- cookies.set(COOKIE, session.id, { path: '/' });
+ cookies.set(COOKIE, session.id, { path: '/', sameSite: 'strict' });
 return json(
 {
diff --git a/svelte.config.js b/svelte.config.js
index 8b24099..802cdd3 100644
--- a/svelte.config.js
+++ b/svelte.config.js
@@ -4,7 +4,8 @@ import { vitePreprocess } from '@sveltejs/vite-plugin-svelte';
 /** @type {import('@sveltejs/kit').Config} */
 const config = {
 kit: {
- adapter: adapter()
+ adapter: adapter(),
+ csrf: { checkOrigin: false }
 },
 preprocess: vitePreprocess()
 };
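Review bot: The options literal `{ path: '/', sameSite: 'strict' }` is now repeated in this login handler's `cookies.set` call and in the register handler's, so the two can drift the next time a session-cookie attribute changes. A shared constant next to `COOKIE`, for example `export const COOKIE_OPTIONS = { path: '/', sameSite: 'strict' } as const;`, used as `cookies.set(COOKIE, session.id, COOKIE_OPTIONS);`, keeps both routes aligned. No `maxAge` or `expires` is passed, so the browser keeps this as a session cookie; whether that matches the lifetime `createSession` gives the server-side record is not visible here and is worth confirming. Both `POST` bodies continue outside their hunks.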
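Review bot: `csrf: { checkOrigin: false }` switches off SvelteKit's built-in Origin check on cross-site form submissions, which the subject line "set samesite to strict" does not mention and which the cookie change does not fully replace. SameSite is scoped to the site (registrable domain) rather than the origin, so a request from a sibling subdomain still carries the session cookie, and the attribute does nothing for an endpoint that does not depend on that cookie. If the check was failing because the server sits behind a proxy and sees the wrong origin (a guess, the reason is not on the page), correcting the origin the app sees, for adapter-node via the `ORIGIN` environment variable, is safer than disabling the check. If it has to stay off, record why next to the setting: `// checkOrigin disabled because <reason>; CSRF protection now relies on the SameSite=Strict session cookie`.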