Restore missing CSRF header

2024-10-09 12:21:06 +02:00 · 2024-10-09 12:21:06 +02:00 · e27c381405
commit e27c381405
parent 66741f855d
3 changed files with 12 additions and 1 deletions
--- a/apps/link/app/_lib/authentication.ts
+++ b/apps/link/app/_lib/authentication.ts
@ -118,14 +118,20 @@ export const authOptions: NextAuthOptions = {
    session: async ({ session, token }) => {
      // @ts-ignore
      session.user.roles = token.roles ?? [];
+      // @ts-ignore
+      session.user.zammadCsrfToken = token.zammadCsrfToken;

      return session;
    },
-    jwt: async ({ token, user }) => {
+    jwt: async ({ token, user, trigger, session }) => {
      if (user) {
        token.roles = (await getUserRoles(user.email)) ?? [];
      }

+      if (session && trigger === "update") {
+        token.zammadCsrfToken = session.zammadCsrfToken;
+      }
+
      return token;
    },
  },
--- a/apps/link/app/_lib/zammad.ts
+++ b/apps/link/app/_lib/zammad.ts
@ -8,6 +8,8 @@ const getHeaders = async () => {
    "Content-Type": "application/json",
    Accept: "application/json",
    "X-Browser-Fingerprint": `${session.expires}`,
+    // @ts-ignore
+    "X-CSRF-Token": session.user.zammadCsrfToken,
    Cookie: allCookies
      .map((cookie: any) => `${cookie.name}=${cookie.value}`)
      .join("; "),