root: rename csrf header
Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org>
parent
8008aba450
commit
0db0a12ef3
|
@ -30,7 +30,7 @@ function getCookie(name) {
|
||||||
window.addEventListener('DOMContentLoaded', (event) => {
|
window.addEventListener('DOMContentLoaded', (event) => {
|
||||||
const rapidocEl = document.querySelector('rapi-doc');
|
const rapidocEl = document.querySelector('rapi-doc');
|
||||||
rapidocEl.addEventListener('before-try', (e) => {
|
rapidocEl.addEventListener('before-try', (e) => {
|
||||||
e.detail.request.headers.append('X-CSRFToken', getCookie("authentik_csrf"));
|
e.detail.request.headers.append('X-authentik-CSRF', getCookie("authentik_csrf"));
|
||||||
});
|
});
|
||||||
});
|
});
|
||||||
</script>
|
</script>
|
||||||
|
|
|
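Review bot: The header name `X-authentik-CSRF` in the `before-try` handler is a bare string literal that has to stay in step with `CSRF_HEADER_NAME = "HTTP_X_AUTHENTIK_CSRF"` in the settings hunk. The same literal is repeated in the documentation example and in `CSRFMiddleware.pre`. If one copy drifts, Django will not find the token under the configured name and the request fails CSRF validation, with nothing pointing at the mismatch. I would add a comment above the `append` call, `// Header name must match CSRF_HEADER_NAME in the Django settings`, and the same comment at the other two places. The enclosing script block starts outside the hunk.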
@ -75,7 +75,7 @@ AUTH_USER_MODEL = "authentik_core.User"
|
||||||
|
|
||||||
_cookie_suffix = "_debug" if DEBUG else ""
|
_cookie_suffix = "_debug" if DEBUG else ""
|
||||||
CSRF_COOKIE_NAME = "authentik_csrf"
|
CSRF_COOKIE_NAME = "authentik_csrf"
|
||||||
CSRF_COOKIE_SAMESITE = None
|
CSRF_HEADER_NAME = "HTTP_X_AUTHENTIK_CSRF"
|
||||||
LANGUAGE_COOKIE_NAME = f"authentik_language{_cookie_suffix}"
|
LANGUAGE_COOKIE_NAME = f"authentik_language{_cookie_suffix}"
|
||||||
SESSION_COOKIE_NAME = f"authentik_session{_cookie_suffix}"
|
SESSION_COOKIE_NAME = f"authentik_session{_cookie_suffix}"
|
||||||
SESSION_COOKIE_DOMAIN = CONFIG.y("cookie_domain", None)
|
SESSION_COOKIE_DOMAIN = CONFIG.y("cookie_domain", None)
|
||||||
|
|
|
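Review bot: `CSRF_COOKIE_SAMESITE = None` appears to be dropped on the line where `CSRF_HEADER_NAME` is added, which changes the CSRF cookie's SameSite handling in a commit titled as a header rename. Without the setting Django falls back to its default (`"Lax"`), which is the stricter choice, but any flow that relied on the cookie being sent in a cross-site context would stop working. If the removal is intended, say so in the commit message or with a comment such as `# CSRF_COOKIE_SAMESITE intentionally left at Django's default ("Lax")`; if not, keep the old line and add the new one beside it. Separately, clients that still send `X-CSRFToken` will fail CSRF validation after this change, so it deserves a release note.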
@ -24,7 +24,7 @@ export const DEFAULT_CONFIG = new Configuration({
|
||||||
// Required for POST/PUT/DELETE requests
|
// Required for POST/PUT/DELETE requests
|
||||||
// getCookie function must return the cookie's contents
|
// getCookie function must return the cookie's contents
|
||||||
headers: {
|
headers: {
|
||||||
"X-CSRFToken": getCookie("authentik_csrf"),
|
"X-authentik-CSRF": getCookie("authentik_csrf"),
|
||||||
},
|
},
|
||||||
});
|
});
|
||||||
```
|
```
|
||||||
|
|
|
@ -53,7 +53,7 @@ export function tenant(): Promise<CurrentTenant> {
|
||||||
export class CSRFMiddleware implements Middleware {
|
export class CSRFMiddleware implements Middleware {
|
||||||
pre?(context: RequestContext): Promise<FetchParams | void> {
|
pre?(context: RequestContext): Promise<FetchParams | void> {
|
||||||
// @ts-ignore
|
// @ts-ignore
|
||||||
context.init.headers["X-CSRFToken"] = getCookie("authentik_csrf");
|
context.init.headers["X-authentik-CSRF"] = getCookie("authentik_csrf");
|
||||||
return Promise.resolve(context);
|
return Promise.resolve(context);
|
||||||
}
|
}
|
||||||
}
|
}
|
||||||
|
|
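Review bot: The bracket assignment `context.init.headers["X-authentik-CSRF"] = …` only sets a request header when `headers` is a plain object, and the `// @ts-ignore` above it hides the other cases. Assuming `context.init` is a standard `RequestInit`, `headers` may also be a `Headers` instance, an array of pairs, or undefined. In those cases the token is silently left off the request or the assignment throws, and the server's CSRF check rejects the call. Normalising first removes the need for the suppression: `const headers = new Headers(context.init.headers);`, `headers.set("X-authentik-CSRF", getCookie("authentik_csrf"));`, `context.init.headers = headers;`. The body of `getCookie` is not visible here, so whether it can return an empty or null value when the cookie is missing should be checked before the value is sent.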