akanealw/caddy-proxy-manager
1
0
Fork 0
Code Issues Pull Requests Actions 3 Packages Projects Releases Wiki Activity
Files
f007f2df0cd477f5cbb4f1c2ee48e34fe2d22b5c
caddy-proxy-manager/app/api/auth/logout/route.ts
fuomag9 bdd3019214 security: add same-origin CSRF check to state-changing user API routes 
Adds checkSameOrigin() helper in auth.ts that validates the Origin header
against the Host header. If Origin is present and mismatched, returns 403.
Applied to all 5 custom POST routes flagged in CPM-003 (NEXT-CSRF-001):
  - change-password, link-oauth-start, unlink-oauth, update-avatar, logout

SameSite=Lax (NextAuth default) already blocks standard cross-site CSRF;
this adds defense-in-depth against subdomain and misconfiguration scenarios.

Co-Authored-By: Claude Sonnet 4.6 <noreply@anthropic.com>
2026-03-05 01:04:18 +01:00

11 lines
327 B
TypeScript
Raw Blame History

import { NextRequest } from "next/server";
import { signOut, checkSameOrigin } from "@/src/lib/auth";
export const dynamic = 'force-dynamic';
export async function POST(request: NextRequest) {
const originCheck = checkSameOrigin(request);
if (originCheck) return originCheck;
await signOut({ redirectTo: "/login" });
}
Reference in New Issue View Git Blame Copy Permalink