From 96ff727b570ed427673e4625e83a6e70e4e7213f Mon Sep 17 00:00:00 2001
From: Sean Morley
Date: Mon, 13 Jan 2025 19:47:19 -0500
Subject: [PATCH] fix: include Referer header and ensure CSRF token is set in request headers
---
 frontend/src/routes/+page.server.ts | 7 +++----
 1 file changed, 3 insertions(+), 4 deletions(-)
diff --git a/frontend/src/routes/+page.server.ts b/frontend/src/routes/+page.server.ts
index 2987b88..9391b5b 100644
--- a/frontend/src/routes/+page.server.ts
+++ b/frontend/src/routes/+page.server.ts
@@ -37,8 +37,9 @@ export const actions: Actions = {
 method: 'DELETE',
 headers: {
 'Content-Type': 'application/json',
- Cookie: `sessionid=${sessionId}; csrftoken=${csrfToken}`,
- 'X-CSRFToken': csrfToken
+ 'X-CSRFToken': csrfToken, // Ensure CSRF token is in header
+ Referer: event.url.origin, // Include Referer header
+ Cookie: `sessionid=${sessionId}; csrftoken=${csrfToken}`
 },
 credentials: 'include'
 });
@@ -59,8 +60,6 @@ export const actions: Actions = {
 cookieDomain = undefined; // Do not set the domain
 }
 
- console.log('Deleting sessionid cookie with domain:', cookieDomain);
-
 // Delete the session cookie
 event.cookies.delete('sessionid', {
 path: '/',
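Review bot: In the first hunk, `Referer: event.url.origin` takes the Referer from the URL of the incoming request, so unless the deployment pins the frontend's origin, the value follows whatever host that request named and the backend's referer check is satisfied by construction rather than by a trusted value. Prefer a configured origin, e.g. `Referer: FRONTEND_ORIGIN, // placeholder name: the configured public origin the backend trusts`. The two added comments restate the code; one comment saying why the header is needed would serve better (presumably the backend's CSRF check rejects secure requests that lack an acceptable Referer). The same headers object interpolates `sessionId` and `csrfToken` into `Cookie`, and where they are read is outside the hunk, so confirm they are checked for `;` and control characters before they reach this header. The enclosing action starts and ends outside the hunk.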