chore: update dependencies (#1393)
* chore: update sqlite3 * chore: update nextjs * chore: update semver * chore: update email-templates * chore: update express and express-openapi-validator * chore: override cross-spawn as the packages using it didn't update it * chore: update undici * feat: use csrf-csrf instead of deprecated csurf * chore: override cookie * chore: remove the overrides * chore: update lockfile * chore: revert cypress update * chore: revert revert cypress update * chore: update cypress * ci(cypress): upload video artifacts for debugging * chore(cypress): generate videos * ci(cypress): remove unnecessary matrix.browser in the artifact name * chore: update to es2021 --------- Co-authored-by: Gauthier <mail@gauthierth.fr>
@@ -28,7 +28,7 @@ import restartFlag from '@server/utils/restartFlag';
import { getClientIp } from '@supercharge/request-ip';
import { TypeormStore } from 'connect-typeorm/out';
import cookieParser from 'cookie-parser';
import csurf from 'csurf';
import { doubleCsrf } from 'csrf-csrf';
import type { NextFunction, Request, Response } from 'express';
import express from 'express';
import * as OpenApiValidator from 'express-openapi-validator';
@@ -162,18 +162,23 @@ app
}
});
if (settings.network.csrfProtection) {
server.use(
csurf({
cookie: {
httpOnly: true,
sameSite: true,
secure: !dev,
},
})
);
const { doubleCsrfProtection, generateToken } = doubleCsrf({
getSecret: () => settings.clientId,
cookieName: 'XSRF-TOKEN',
cookieOptions: {
httpOnly: true,
sameSite: 'strict',
secure: !dev,
},
size: 64,
ignoredMethods: ['GET', 'HEAD', 'OPTIONS'],
});
server.use(doubleCsrfProtection);
server.use((req, res, next) => {
res.cookie('XSRF-TOKEN', req.csrfToken(), {
sameSite: true,
res.cookie('XSRF-TOKEN', generateToken(req, res), {
sameSite: 'strict',
secure: !dev,
});
next();
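Review bot: The library cookie configured by `cookieName: 'XSRF-TOKEN'` and the readable cookie written by `res.cookie('XSRF-TOKEN', generateToken(req, res), …)` share one name, path and domain, so as far as I can tell the explicit res.cookie sends a second Set-Cookie that replaces the httpOnly cookie generateToken stored, and the value csrf-csrf later reads back under cookieName is the bare token the app wrote rather than what the library expects; state-changing requests with csrfProtection enabled would then presumably fail validation, which is worth confirming against the csrf-csrf version in the lockfile. Give the library's cookie its own name, e.g. `cookieName: 'XSRF-TOKEN-HASH',` (constructed name), and keep the non-httpOnly `XSRF-TOKEN` cookie as the one the frontend echoes in the request header. Separately, `getSecret: () => settings.clientId` makes clientId the key for every token, which only holds if clientId is never sent to the browser — not visible here — so a comment such as `// clientId is the CSRF token signing secret: it must never be exposed to clients` would guard it against a later change. The `if (settings.network.csrfProtection)` block and the middleware closure both end outside the hunk.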
@@ -50,6 +50,7 @@ class PreparedEmail extends Email {
},
send: true,
transport: transport,
preview: false,
});
}
}