ar(fix) [DPCP-62]: Consolidate Domain

dreampipcom · Aug 7, 2024 · bf15235 · bf15235
1 parent 2f6e911
commit bf15235
Showing 1 changed file with 21 additions and 0 deletions.
diff --git a/patches/@auth+core+0.34.2.patch b/patches/@auth+core+0.34.2.patch
@@ -17,3 +17,24 @@ index a35e8f0..792a6ce 100644
              return { csrfTokenVerified, csrfToken };
          }
      }
+diff --git a/node_modules/@auth/core/src/lib/actions/callback/oauth/csrf-token.ts b/node_modules/@auth/core/src/lib/actions/callback/oauth/csrf-token.ts
+index 337c1d6..803ca2f 100644
+--- a/node_modules/@auth/core/src/lib/actions/callback/oauth/csrf-token.ts
++++ b/node_modules/@auth/core/src/lib/actions/callback/oauth/csrf-token.ts
+@@ -31,6 +31,7 @@ export async function createCSRFToken({
+ }: CreateCSRFTokenParams) {
+   if (cookieValue) {
+     const [csrfToken, csrfTokenHash] = cookieValue.split("|")
++    const [bodyValueToken] = bodyValue?.split("|") || []
+
+     const expectedCsrfTokenHash = await createHash(
+       `${csrfToken}${options.secret}`
+@@ -40,7 +41,7 @@ export async function createCSRFToken({
+       // If hash matches then we trust the CSRF token value
+       // If this is a POST request and the CSRF Token in the POST request matches
+       // the cookie we have already verified is the one we have set, then the token is verified!
+-      const csrfTokenVerified = isPost && csrfToken === bodyValue
++      const csrfTokenVerified = isPost && csrfToken === bodyValueToken
+
+       return { csrfTokenVerified, csrfToken }
+     }