fix: resolve iOS forbidden errors by delivering CSRF token in response body
iOS Safari (especially PWA/standalone mode) unreliably exposes cookies via document.cookie, causing CSRF token mismatch on state-changing requests. The CSRF token is now included in /auth/login and /auth/me response bodies and stored in-memory on the client. Cookie remains as fallback. Retry mechanism also improved to read token from response body and handle expired sessions.
This commit is contained in:
Ulas
+1
-1
@@ -1,6 +1,6 @@
|
||||
{
|
||||
"name": "oikos",
|
||||
"version": "0.19.3",
|
||||
"version": "0.19.4",
|
||||
"description": "Self-hosted family planner - calendar, tasks, shopping, meal planning, budget and more. Private, open-source, no subscription.",
|
||||
"main": "server/index.js",
|
||||
"type": "module",
|
||||
|
||||
Reference in New Issue
Block a user