pmeunier/nest - Change HRAWXWFEN632GIC22J2D3WLN4ZTYOOOCHXTK4CGNAREZSIZQ4XJAC

Forwarding the set-cookie header set for CSRF

CSRF worked fine when the Rust backend is called from the browser, but needed this extra layer of forwarding when the Rust backend is called from the Svelte backend

Created by pmeunier on April 27, 2026

HRAWXWFEN632GIC22J2D3WLN4ZTYOOOCHXTK4CGNAREZSIZQ4XJAC

Dependencies

[2] LE34RHBBMJT2BWLU5BHZJSHNMHQWX66QQNM2MAEDWEARCWOCSYLAC

In channels

main

Change contents

Insertion in ui/src/hooks.server.ts at line 20 [2.600]

[2.1225]

};
export const handle = async ({ event, resolve }) => {
  const response = await resolve(event);
  const responses = event.locals.fetchResponses ?? [];
  for (const res of responses) {
    const setCookie = res.headers.get('set-cookie');
    if (setCookie) {
      response.headers.append('set-cookie', setCookie);
    }
  }
  return response;