Secure cookie flags + CSRF for our own POST forms (todo §4); SECURE_COOKIES toggle on session/CSRF cookies; csrf.ts signed double-submit token + body.ts form reader; logout is now a CSRF-guarded POST form

2026-06-18 11:12:32 +02:00
parent dec55f85a6
commit 4b2173cb84
21 changed files with 241 additions and 26 deletions


@@ -25,12 +25,14 @@ await runBootHooks(plugins); // plugin onBoot — after discovery, before listen
const server = createApp({
auth: { audience: config.jwtAudience, issuer: config.jwtIssuer },
cache: config.cacheTemplates,
csrfSecret: config.csrfSecret,
jwks,
keto,
kratos,
kratosAdmin,
menu,
plugins,
secureCookies: config.secureCookies,
}).listen(config.port, () => {
console.log(`Listening on http://localhost:${config.port}`);
});
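Review bot: `config.csrfSecret` is handed to `createApp` with no check visible in this hunk that it is actually set; if the config loader (outside this hunk) lets it be empty or fall back to a checked-in default, the signed double-submit token is signed with a value that is not secret and the CSRF guard on the POST forms, logout included, no longer holds. Fail closed at boot before the `createApp` call, e.g. `if (!config.csrfSecret) throw new Error("csrfSecret must be set");`, unless the loader already enforces this. A softer version of the same concern applies to `secureCookies: config.secureCookies`: the startup log prints an `http://localhost` URL, so the toggle is presumably off in development, and a one-line `console.warn` when it is false would make a production deployment that ships session and CSRF cookies without the Secure flag visible in the logs.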