Restore missing CSRF header

apps/link/app/_components/ZammadLoginProvider.tsx

@@ -20,6 +20,9 @@ export const ZammadLoginProvider: FC<PropsWithChildren> = ({ children }) => {
 
         if (response.status !== 200) {
           window.location.href = "/zammad/auth/sso";
+        } else {
+          const token = response.headers.get("CSRF-Token");
+          update({ zammadCsrfToken: token });
         }
       }
     };

apps/link/app/_lib/authentication.ts

@@ -118,14 +118,20 @@ export const authOptions: NextAuthOptions = {
     session: async ({ session, token }) => {
       // @ts-ignore
       session.user.roles = token.roles ?? [];
+      // @ts-ignore
+      session.user.zammadCsrfToken = token.zammadCsrfToken;
 
       return session;
     },
-    jwt: async ({ token, user }) => {
+    jwt: async ({ token, user, trigger, session }) => {
       if (user) {
         token.roles = (await getUserRoles(user.email)) ?? [];
       }
 
+      if (session && trigger === "update") {
+        token.zammadCsrfToken = session.zammadCsrfToken;
+      }
+
       return token;
     },
   },

apps/link/app/_lib/zammad.ts

@@ -8,6 +8,8 @@ const getHeaders = async () => {
     "Content-Type": "application/json",
     Accept: "application/json",
     "X-Browser-Fingerprint": `${session.expires}`,
+    // @ts-ignore
+    "X-CSRF-Token": session.user.zammadCsrfToken,
     Cookie: allCookies
       .map((cookie: any) => `${cookie.name}=${cookie.value}`)
       .join("; "),