tabshift/payload
1
0
Fork 0
Code Issues Pull Requests Actions Packages Projects Releases Wiki Activity

fix: allow jwt to work without csrf in config

Browse Source
This commit is contained in:
Dan Ribbens
2022-02-16 12:35:17 -05:00
parent 56c16d5c16
commit 40487347e3
3 changed files with 14 additions and 15 deletions
Download Patch File Download Diff File Expand all files Collapse all files

2
src/auth/getExtractJWT.ts
View File

@@ -15,7 +15,7 @@ const getExtractJWT = (config: SanitizedConfig) => (req: Request): string | null
const tokenCookieName = `${config.cookiePrefix}-token`;
if (cookies && cookies[tokenCookieName]) {
if (!origin || (config.csrf && config.csrf.indexOf(origin) > -1)) {
if (!origin || config.csrf.length === 0 || config.csrf.indexOf(origin) > -1) {
return cookies[tokenCookieName];
}
}