From ca1418fc0135d52a009ab218d6e24187fb355a3c Mon Sep 17 00:00:00 2001
From: Adam Mathes <adam@adammathes.com>
Date: Sat, 14 Feb 2026 09:09:10 -0800
Subject: security: implement CSRF protection and improve session cookie
 security (fixing NK-gfh33y)

---
 frontend/src/App.tsx | 5 +++--
 1 file changed, 3 insertions(+), 2 deletions(-)

(limited to 'frontend/src/App.tsx')

diff --git a/frontend/src/App.tsx b/frontend/src/App.tsx
index 4835cd3..7943f60 100644
--- a/frontend/src/App.tsx
+++ b/frontend/src/App.tsx
@@ -2,6 +2,7 @@ import React, { useEffect, useState } from 'react';
 import { BrowserRouter, Routes, Route, Navigate, useLocation, useNavigate } from 'react-router-dom';
 import Login from './components/Login';
 import './App.css';
+import { apiFetch } from './utils';
 
 // Protected Route wrapper
 function RequireAuth({ children }: { children: React.ReactElement }) {
@@ -9,7 +10,7 @@ function RequireAuth({ children }: { children: React.ReactElement }) {
   const location = useLocation();
 
   useEffect(() => {
-    fetch('/api/auth')
+    apiFetch('/api/auth')
       .then((res) => {
         if (res.ok) {
           setAuth(true);
@@ -70,7 +71,7 @@ function Dashboard({ theme, setTheme }: { theme: string; setTheme: (t: string) =
 
           <button
             onClick={() => {
-              fetch('/api/logout', { method: 'POST' }).then(
+              apiFetch('/api/logout', { method: 'POST' }).then(
                 () => (window.location.href = '/v2/login')
               );
             }}
-- 
cgit v1.2.3