mirror of
https://github.com/zadam/trilium.git
synced 2025-11-16 02:05:53 +01:00
ca2bb94200
this values cannot change during runtime, => there is no need to have these checks as dynamic function, instead just export the boolean value directly
17 lines
595 B
TypeScript
17 lines
595 B
TypeScript
import { doubleCsrf } from "csrf-csrf";
|
|
import sessionSecret from "../services/session_secret.js";
|
|
import { isElectron } from "../services/utils.js";
|
|
|
|
const doubleCsrfUtilities = doubleCsrf({
|
|
getSecret: () => sessionSecret,
|
|
cookieOptions: {
|
|
path: "", // empty, so cookie is valid only for the current path
|
|
secure: false,
|
|
sameSite: "strict",
|
|
httpOnly: !isElectron // set to false for Electron, see https://github.com/TriliumNext/Notes/pull/966
|
|
},
|
|
cookieName: "_csrf"
|
|
});
|
|
|
|
export const { generateToken, doubleCsrfProtection } = doubleCsrfUtilities;
|