security: implement CSRF protection and improve session cookie security (fixing NK-gfh33y)

author: Adam Mathes <adam@adammathes.com> 2026-02-14 09:09:10 -0800
committer: Adam Mathes <adam@adammathes.com> 2026-02-14 09:09:10 -0800
commit: ca1418fc0135d52a009ab218d6e24187fb355a3c (patch)
tree: 95f54977609ec401f8439a30e3a158c36a5526bf /frontend/src/components/Login.tsx
parent: a39dfd30529330e3eea44bce865093158eaf2f1b (diff)
download: neko-ca1418fc0135d52a009ab218d6e24187fb355a3c.tar.gz
neko-ca1418fc0135d52a009ab218d6e24187fb355a3c.tar.bz2
neko-ca1418fc0135d52a009ab218d6e24187fb355a3c.zip
1 files changed, 3 insertions, 1 deletions
diff --git a/frontend/src/components/Login.tsx b/frontend/src/components/Login.tsx
index 5f63248..ba2cd96 100644
--- a/frontend/src/components/Login.tsx
+++ b/frontend/src/components/Login.tsx
@@ -2,6 +2,8 @@ import { useState, type FormEvent } from 'react';
 import { useNavigate } from 'react-router-dom';
 import './Login.css';
 
+import { apiFetch } from '../utils';
+
 export default function Login() {
   const [password, setPassword] = useState('');
   const [error, setError] = useState('');
@@ -16,7 +18,7 @@ export default function Login() {
       const params = new URLSearchParams();
       params.append('password', password);
 
-      const res = await fetch('/api/login', {
+      const res = await apiFetch('/api/login', {
         method: 'POST',
         body: params,
       });
author	Adam Mathes <adam@adammathes.com>	2026-02-14 09:09:10 -0800
committer	Adam Mathes <adam@adammathes.com>	2026-02-14 09:09:10 -0800
commit	ca1418fc0135d52a009ab218d6e24187fb355a3c (patch)
tree	95f54977609ec401f8439a30e3a158c36a5526bf /frontend/src/components/Login.tsx
parent	a39dfd30529330e3eea44bce865093158eaf2f1b (diff)
download	neko-ca1418fc0135d52a009ab218d6e24187fb355a3c.tar.gz neko-ca1418fc0135d52a009ab218d6e24187fb355a3c.tar.bz2 neko-ca1418fc0135d52a009ab218d6e24187fb355a3c.zip