trustchain-oc1-orchestral
/
authentik
Archived
10
0
Fork 0
Code Issues Pull Requests Packages Projects Releases Wiki Activity

root: rename csrf header 

Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org>
This commit is contained in:
Jens Langhammer 2022-01-16 16:17:44 +01:00
parent 8008aba450
commit 0db0a12ef3
4 changed files with 4 additions and 4 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

2
authentik/api/templates/api/browser.html
View File

@ -30,7 +30,7 @@ function getCookie(name) {
window.addEventListener('DOMContentLoaded', (event) => {
const rapidocEl = document.querySelector('rapi-doc');
rapidocEl.addEventListener('before-try', (e) => {
e.detail.request.headers.append('X-CSRFToken', getCookie("authentik_csrf"));
e.detail.request.headers.append('X-authentik-CSRF', getCookie("authentik_csrf"));
});
});
</script>

2
authentik/root/settings.py
View File

@ -75,7 +75,7 @@ AUTH_USER_MODEL = "authentik_core.User"
_cookie_suffix = "_debug" if DEBUG else ""
CSRF_COOKIE_NAME = "authentik_csrf"
CSRF_COOKIE_SAMESITE = None
CSRF_HEADER_NAME = "HTTP_X_AUTHENTIK_CSRF"
LANGUAGE_COOKIE_NAME = f"authentik_language{_cookie_suffix}"
SESSION_COOKIE_NAME = f"authentik_session{_cookie_suffix}"
SESSION_COOKIE_DOMAIN = CONFIG.y("cookie_domain", None)

2
scripts/web_api_readme.md
View File

@ -24,7 +24,7 @@ export const DEFAULT_CONFIG = new Configuration({
// Required for POST/PUT/DELETE requests
// getCookie function must return the cookie's contents
headers: {
"X-CSRFToken": getCookie("authentik_csrf"),
"X-authentik-CSRF": getCookie("authentik_csrf"),
},
});
```

2
web/src/api/Config.ts
View File

@ -53,7 +53,7 @@ export function tenant(): Promise<CurrentTenant> {
export class CSRFMiddleware implements Middleware {
pre?(context: RequestContext): Promise<FetchParams | void> {
// @ts-ignore
context.init.headers["X-CSRFToken"] = getCookie("authentik_csrf");
context.init.headers["X-authentik-CSRF"] = getCookie("authentik_csrf");
return Promise.resolve(context);
}
}