fix: csrf
trim21 committed Aug 17, 2024
1 parent 036ae02 commit 7d8e787
Showing 2 changed files with 3 additions and 4 deletions.
5 changes: 2 additions & 3 deletions config.py
@@ -1,5 +1,4 @@
import os
import secrets
import sys
from datetime import timezone
from pathlib import Path
Expand All @@ -18,8 +17,8 @@

load_dotenv(PROJECT_PATH.joinpath(".env"))

SECRET_TOKEN = bytes.fromhex(os.environ.get("SECRET_TOKEN", secrets.token_hex(32)))
CSRF_SECRET_TOKEN = os.environ.get("CSRF_SECRET_TOKEN", secrets.token_urlsafe(32))
SECRET_TOKEN = bytes.fromhex(os.environ["SECRET_TOKEN"])
CSRF_SECRET_TOKEN = os.environ["CSRF_SECRET_TOKEN"]

SERVER_BASE_URL = os.environ["SERVER_BASE_URL"]

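Review bot: The lines reading `os.environ["SECRET_TOKEN"]` and `os.environ["CSRF_SECRET_TOKEN"]` (presumably the new side, since the page lost its +/- markers) accept any value that is present, including an empty one: `bytes.fromhex("")` returns `b""`, so a blank `SECRET_TOKEN` would start the server with a zero-length key. The removed fallback generated 32 bytes, so a guard such as `if len(SECRET_TOKEN) < 32: raise RuntimeError("SECRET_TOKEN must be at least 32 bytes (64 hex chars)")` keeps that floor, with a matching non-empty check on `CSRF_SECRET_TOKEN`. A one-line comment that both values must be identical across workers and restarts would record what is presumably the reason the per-process random default was dropped.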
2 changes: 1 addition & 1 deletion server/__init__.py
Expand Up @@ -123,7 +123,7 @@ def before_req(req: litestar.Request):
),
stores={"sessions": RedisStore(Redis.from_url(REDIS_DSN), handle_client_shutdown=False)},
on_startup=[pg_pool_startup],
csrf_config=CSRFConfig(secret=CSRF_SECRET_TOKEN, cookie_name="csrf-token"),
csrf_config=CSRFConfig(secret=CSRF_SECRET_TOKEN, cookie_name="s-csrf-token"),
before_request=before_req,
middleware=[session_auth_config.middleware],
debug=True,
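Review bot: The `CSRFConfig(...)` line with `cookie_name="s-csrf-token"` (presumably the new side) sets only `secret` and `cookie_name`, so the cookie attributes stay at Litestar's defaults, where `cookie_secure` is off. If the app is served over HTTPS, consider `CSRFConfig(secret=CSRF_SECRET_TOKEN, cookie_name="s-csrf-token", cookie_secure=True)`. Any template or client script that reads the cookie under its old name must be renamed too, and this commit touches only two files, so that is worth confirming. The context line `debug=True` is outside the change, but if this constructor also runs in production it would expose debug error output to clients and should come from configuration. The enclosing call starts and ends outside the hunk.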
