refactor: replace custom HMAC CSRF with hono/csrf middleware

Removes 38-line hand-rolled HMAC-SHA256 implementation in favour of
the built-in hono/csrf, which validates the Origin header natively.

- Delete src/utils/csrf.ts
- Replace custom CSRF middleware with hono/csrf (Origin-header check)
- Remove csrfToken from ContextVariableMap, layout(), forms, and JS fetch() calls
- Update admin tests: swap X-CSRF-Token for Origin header

Co-Authored-By: Claude Sonnet 4.6 <noreply@anthropic.com>
Julien Herr
2026-05-22 10:28:26 +02:00
parent 7d375693b9
commit a0415cdc41
4 changed files with 26 additions and 116 deletions
-1
@@ -4,6 +4,5 @@ import { Env } from "./index";
declare module "hono" {
interface ContextVariableMap {
env: Env;
csrfToken: string;
}
}
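Review bot: With `csrfToken: string;` removed from `ContextVariableMap`, the per-request token is gone and CSRF protection rests only on the Origin check named in the commit message, so the updated admin tests should include negative cases: a state-changing request with a missing Origin and one with a foreign Origin should both be rejected, for the form posts as well as the fetch() calls that used to send X-CSRF-Token. Only this declaration is visible here, so also confirm that no `c.get("csrfToken")` or `c.set("csrfToken", ...)` call remains in handlers or templates.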