diff --git a/frontend/src/routes/activities/+page.server.ts b/frontend/src/routes/activities/+page.server.ts
index 238e6b4..626bef8 100644
--- a/frontend/src/routes/activities/+page.server.ts
+++ b/frontend/src/routes/activities/+page.server.ts
@@ -37,7 +37,8 @@ export const actions: Actions = {
 headers: {
 'X-CSRFToken': csrfToken,
 'Content-Type': 'application/json',
- Cookie: `csrftoken=${csrfToken}`
+ Cookie: `csrftoken=${csrfToken}`,
+ Referer: event.url.origin // Include Referer header
 }
 });
 console.log(res);
diff --git a/frontend/src/routes/adventures/+page.server.ts b/frontend/src/routes/adventures/+page.server.ts
index da69fdf..a2d7ab6 100644
--- a/frontend/src/routes/adventures/+page.server.ts
+++ b/frontend/src/routes/adventures/+page.server.ts
@@ -69,7 +69,8 @@ export const actions: Actions = {
 method: 'POST',
 headers: {
 Cookie: `csrftoken=${csrfToken}; sessionid=${sessionId}`,
- 'X-CSRFToken': csrfToken
+ 'X-CSRFToken': csrfToken,
+ Referer: event.url.origin // Include Referer header
 },
 body: formData
 });
diff --git a/frontend/src/routes/adventures/[id]/+page.server.ts b/frontend/src/routes/adventures/[id]/+page.server.ts
index bba55aa..eed47ba 100644
--- a/frontend/src/routes/adventures/[id]/+page.server.ts
+++ b/frontend/src/routes/adventures/[id]/+page.server.ts
@@ -66,7 +66,9 @@ export const actions: Actions = {
 let res = await fetch(`${serverEndpoint}/api/adventures/${event.params.id}`, {
 method: 'DELETE',
 headers: {
- Cookie: `sessionid=${event.cookies.get('sessionid')}; csrftoken=${csrfToken}`,
+ Referer: event.url.origin, // Include Referer header
+ Cookie: `sessionid=${event.cookies.get('sessionid')};
+ csrftoken=${csrfToken}`,
 'X-CSRFToken': csrfToken
 },
 credentials: 'include'
diff --git a/frontend/src/routes/collections/+page.server.ts b/frontend/src/routes/collections/+page.server.ts
index f88e5ee..20e2c40 100644
--- a/frontend/src/routes/collections/+page.server.ts
+++ b/frontend/src/routes/collections/+page.server.ts
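Review bot: The comment `// Include Referer header` restates the code without saying why the header is needed or what its value stands for, and the same line is repeated in every hunk of this commit (activities, adventures, adventures/[id], collections, collections/[id], login, signup and both reset-password routes). `event.url.origin` is the origin this frontend server believes it was reached on, so it is only a dependable value when the deployment pins that origin instead of deriving it from request headers; presumably the backend compares Referer with its trusted origins on secure requests. Because the `Cookie`, `X-CSRFToken` and Referer values are all supplied by this server, the backend's CSRF check no longer says anything about the browser's request, and protection for these actions depends on SvelteKit's own form-action origin check (`csrf.checkOrigin`) staying enabled. I would state that once, e.g. `// Backend CSRF check needs a Referer on HTTPS; we send our own origin, so browser-side CSRF relies on SvelteKit's origin check`, ideally in one shared header-building helper instead of ten copies. The enclosing actions start and end outside each hunk.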
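Review bot: The new `Cookie` value in the DELETE action of adventures/[id]/+page.server.ts is a template literal broken across two added lines, so the header value now contains a line break and the indentation in front of `csrftoken=`. Header values may not contain CR or LF, and a spec-conforming fetch rejects such a value when it builds the request, so this delete call would be expected to throw instead of reaching the backend. Keep the literal on one line: `` Cookie: `sessionid=${event.cookies.get('sessionid')}; csrftoken=${csrfToken}`, ``. The closing lines of the fetch call are outside the hunk.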
@@ -96,6 +96,7 @@ export const actions: Actions = {
 method: 'POST',
 headers: {
 'X-CSRFToken': csrfToken,
+ Referer: event.url.origin, // Include Referer header
 Cookie: `sessionid=${sessionid}; csrftoken=${csrfToken}`
 },
 body: formDataToSend
@@ -174,9 +175,11 @@ export const actions: Actions = {
 method: 'PATCH',
 headers: {
 'X-CSRFToken': csrfToken,
- Cookie: `sessionid=${sessionId}; csrftoken=${csrfToken}`
+ Cookie: `sessionid=${sessionId}; csrftoken=${csrfToken}`,
+ Referer: event.url.origin // Include Referer header
 },
 body: formDataToSend,
+ credentials: 'include'
 });
diff --git a/frontend/src/routes/collections/[id]/+page.server.ts b/frontend/src/routes/collections/[id]/+page.server.ts
index bf54a5b..f672eed 100644
--- a/frontend/src/routes/collections/[id]/+page.server.ts
+++ b/frontend/src/routes/collections/[id]/+page.server.ts
@@ -63,7 +63,8 @@ export const actions: Actions = {
 headers: {
 Cookie: `sessionid=${sessionId}; csrftoken=${csrfToken}`,
 'Content-Type': 'application/json',
- 'X-CSRFToken': csrfToken
+ 'X-CSRFToken': csrfToken,
+ Referer: event.url.origin // Include Referer header
 },
 credentials: 'include'
 });
diff --git a/frontend/src/routes/login/+page.server.ts b/frontend/src/routes/login/+page.server.ts
index f8723ba..b2571a1 100644
--- a/frontend/src/routes/login/+page.server.ts
+++ b/frontend/src/routes/login/+page.server.ts
@@ -46,7 +46,8 @@ export const actions: Actions = {
 headers: {
 'X-CSRFToken': csrfToken,
 'Content-Type': 'application/json',
- Cookie: `csrftoken=${csrfToken}`
+ Cookie: `csrftoken=${csrfToken}`,
+ Referer: event.url.origin // Include Referer header
 },
 body: JSON.stringify({ username, password }),
 credentials: 'include'
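Review bot: The `credentials: 'include'` added to the PATCH request in collections/+page.server.ts is probably a no-op, since a server-side fetch has no browser cookie store and the session and CSRF cookies are already passed explicitly in the `Cookie` header. The POST action in the first hunk of the same file does not set it, so the two calls now differ for no visible reason. I would drop the option, or keep it with a one-line comment such as `// no cookie jar server-side; cookies are forwarded via the Cookie header above`. The call itself begins outside the hunk, so this assumes it is the global fetch used in the other actions.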
@@ -73,7 +74,8 @@ export const actions: Actions = {
 headers: {
 'X-CSRFToken': csrfToken,
 'Content-Type': 'application/json',
- Cookie: `csrftoken=${csrfToken}; sessionid=${sessionId}`
+ Cookie: `csrftoken=${csrfToken}; sessionid=${sessionId}`,
+ Referer: event.url.origin // Include Referer header
 },
 body: JSON.stringify({ code: totp }),
 credentials: 'include'
diff --git a/frontend/src/routes/signup/+page.server.ts b/frontend/src/routes/signup/+page.server.ts
index 813b471..f9a96dc 100644
--- a/frontend/src/routes/signup/+page.server.ts
+++ b/frontend/src/routes/signup/+page.server.ts
@@ -56,7 +56,8 @@ export const actions: Actions = {
 headers: {
 'X-CSRFToken': csrfToken,
 'Content-Type': 'application/json',
- Cookie: `csrftoken=${csrfToken}`
+ Cookie: `csrftoken=${csrfToken}`,
+ Referer: event.url.origin // Include Referer header
 },
 body: JSON.stringify({
 username: username,
diff --git a/frontend/src/routes/user/reset-password/+page.server.ts b/frontend/src/routes/user/reset-password/+page.server.ts
index f91db59..39f8232 100644
--- a/frontend/src/routes/user/reset-password/+page.server.ts
+++ b/frontend/src/routes/user/reset-password/+page.server.ts
@@ -21,7 +21,8 @@ export const actions: Actions = {
 headers: {
 'Content-Type': 'application/json',
 'X-CSRFToken': csrfToken,
- Cookie: `csrftoken=${csrfToken}`
+ Cookie: `csrftoken=${csrfToken}`,
+ Referer: event.url.origin // Include Referer header
 },
 body: JSON.stringify({
 email
diff --git a/frontend/src/routes/user/reset-password/[key]/+page.server.ts b/frontend/src/routes/user/reset-password/[key]/+page.server.ts
index 2db51f6..e2f92b7 100644
--- a/frontend/src/routes/user/reset-password/[key]/+page.server.ts
+++ b/frontend/src/routes/user/reset-password/[key]/+page.server.ts
@@ -35,7 +35,8 @@ export const actions: Actions = {
 headers: {
 'Content-Type': 'application/json',
 Cookie: `csrftoken=${csrfToken}`,
- 'X-CSRFToken': csrfToken
+ 'X-CSRFToken': csrfToken,
+ Referer: event.url.origin // Include Referer header
 },
 method: 'POST',
 credentials: 'include',