vegard/synops
1
0
Fork 0
Code Issues Pull requests Projects Releases Packages Wiki Activity Actions

Deaktiver SvelteKit CSRF origin-sjekk for multi-subdomain

Browse source 
ORIGIN er hardkodet til ws.synops.no, men adm.synops.no trenger
også POST (auth callback). CSRF ivaretatt av OIDC PKCE+state.

Co-Authored-By: Claude Opus 4.6 (1M context) <noreply@anthropic.com>
This commit is contained in:
vegard 2026-03-20 02:05:35 +00:00
parent c2ddd5a933
commit da04d42df2
1 changed files with 4 additions and 1 deletions
Show stats Download patch file Download diff file Expand all files Collapse all files

5
frontend/svelte.config.js
View file

@ -3,7 +3,10 @@ import adapter from '@sveltejs/adapter-node';
/** @type {import('@sveltejs/kit').Config} */ /** @type {import('@sveltejs/kit').Config} */
const config = { const config = {
kit: { kit: {
adapter: adapter() adapter: adapter(),
csrf: {
checkOrigin: false
}
}, },
vitePlugin: { vitePlugin: {
dynamicCompileOptions: ({ filename }) => dynamicCompileOptions: ({ filename }) =>