- Add Access-Control-Expose-Headers to allow frontend to read X-CSRF-Token response header - Implement proactive CSRF token issuance on GET requests when session exists but CSRF cookie is missing - Ensures frontend always has valid CSRF token before making POST requests - Fixes 403 Forbidden errors when toggling system settings This resolves CSRF validation failures that occurred when CSRF tokens expired or were missing while valid sessions existed. |
||
|---|---|---|
| .. | ||
| api_tokens.go | ||
| api_tokens_test.go | ||
| client_helpers.go | ||
| config.go | ||
| credentials.go | ||
| docker_metadata.go | ||
| export.go | ||
| guest_metadata.go | ||
| import_transaction.go | ||
| oidc.go | ||
| persistence.go | ||
| persistence_fail_test.go | ||
| persistence_test.go | ||
| registration.go | ||
| watcher.go | ||