Deaktiver SvelteKit CSRF origin-sjekk for multi-subdomain
ORIGIN er hardkodet til ws.synops.no, men adm.synops.no trenger også POST (auth callback). CSRF ivaretatt av OIDC PKCE+state. Co-Authored-By: Claude Opus 4.6 (1M context) <noreply@anthropic.com>
This commit is contained in:
parent
c2ddd5a933
commit
da04d42df2
1 changed files with 4 additions and 1 deletions
|
|
@ -3,7 +3,10 @@ import adapter from '@sveltejs/adapter-node';
|
|||
/** @type {import('@sveltejs/kit').Config} */
|
||||
const config = {
|
||||
kit: {
|
||||
adapter: adapter()
|
||||
adapter: adapter(),
|
||||
csrf: {
|
||||
checkOrigin: false
|
||||
}
|
||||
},
|
||||
vitePlugin: {
|
||||
dynamicCompileOptions: ({ filename }) =>
|
||||
|
|
|
|||
Loading…
Add table
Reference in a new issue