diff options
| author | Adam Mathes <adam@adammathes.com> | 2026-02-14 10:52:50 -0800 |
|---|---|---|
| committer | Adam Mathes <adam@adammathes.com> | 2026-02-14 10:52:50 -0800 |
| commit | 5e24550cacd0f80ea4ec62dab873e747b2ae86b7 (patch) | |
| tree | c2666291bb48eb930e0254de8cde2c7108be7f79 /frontend/src/utils.ts | |
| parent | 419d84d2a8e84d028b145df57d1584a3fe163b37 (diff) | |
| download | neko-5e24550cacd0f80ea4ec62dab873e747b2ae86b7.tar.gz neko-5e24550cacd0f80ea4ec62dab873e747b2ae86b7.tar.bz2 neko-5e24550cacd0f80ea4ec62dab873e747b2ae86b7.zip | |
fix: CSRF cookie configuration for local network access\n\n- Changed SameSite from Lax to None to allow cookie access across localhost/IP variations\n- Added Secure=false for local development (should be true in production with HTTPS)\n- Added credentials:'include' to all fetch requests to ensure cookies are sent\n- Updated tests to expect credentials parameter in fetch calls\n\nThis fixes the 403 Forbidden error when accessing from LAN IPs like 192.168.x.x
Diffstat (limited to 'frontend/src/utils.ts')
| -rw-r--r-- | frontend/src/utils.ts | 1 |
1 files changed, 1 insertions, 0 deletions
diff --git a/frontend/src/utils.ts b/frontend/src/utils.ts index 129ebbb..ebfb692 100644 --- a/frontend/src/utils.ts +++ b/frontend/src/utils.ts @@ -27,5 +27,6 @@ export async function apiFetch(input: RequestInfo | URL, init?: RequestInit): Pr return fetch(input, { ...init, headers, + credentials: 'include', // Ensure cookies are sent }); } |