ciphera-net/pulse
1
0
Fork 0
Code Issues Pull Requests Actions Packages Projects Releases 15 Wiki Activity

Release 0.14.0-alpha #42

Merged
uz1mani merged 109 commits from staging into main 2026-03-12 12:12:03 +00:00
Conversation 0 Commits 109 Files Changed 67 +6874 -1804
65 changed files with 6874 additions and 1804 deletions
Download Patch File Download Diff File Expand all files Collapse all files
Showing only changes of commit c2d5935394 - Show all commits

6
lib/api/client.ts
View File

@@ -202,9 +202,9 @@ async function apiRequest<T>(
// * We rely on HttpOnly cookies, so no manual Authorization header injection. // * We rely on HttpOnly cookies, so no manual Authorization header injection.
// * We MUST set credentials: 'include' for the browser to send cookies cross-origin (or same-site). // * We MUST set credentials: 'include' for the browser to send cookies cross-origin (or same-site).
// * Add CSRF token for state-changing requests to Auth API // * Add CSRF token for all state-changing requests (Pulse API and Auth API).
// * Auth API uses Double Submit Cookie pattern for CSRF protection // * Both backends enforce the double-submit cookie pattern server-side.
if (isAuthRequest && isStateChangingMethod(method)) { if (isStateChangingMethod(method)) {
const csrfToken = getCSRFToken() const csrfToken = getCSRFToken()
if (csrfToken) { if (csrfToken) {
headers['X-CSRF-Token'] = csrfToken headers['X-CSRF-Token'] = csrfToken