mosaic/stack
1
0
Fork 0
Code Issues 10 Pull Requests Actions Packages Projects Releases 2 Wiki Activity

fix(api): remove noisy CSRF guard debug log (#631)
All checks were successful
ci/woodpecker/push/ci Pipeline was successful
Details

Browse Source 
Co-authored-by: Jason Woltje <jason@diversecanvas.com>
Co-committed-by: Jason Woltje <jason@diversecanvas.com>
This commit was merged in pull request #631.
This commit is contained in:
Jason Woltje
2026-03-01 21:13:00 +00:00
committed by jason.woltje
parent 2b6bed2480
commit b4f4de6f7a
1 changed files with 2 additions and 7 deletions
Download Patch File Download Diff File Expand all files Collapse all files

9
apps/api/src/common/guards/csrf.guard.ts
View File

@@ -111,14 +111,9 @@ export class CsrfGuard implements CanActivate {
throw new ForbiddenException("CSRF token not bound to session");
}
} else {
this.logger.debug({
event: "CSRF_SKIP_SESSION_BINDING",
method: request.method,
path: request.path,
reason: "User context not yet available (global guard runs before AuthGuard)",
});
}
// Note: when userId is absent, the double-submit cookie check above is
// sufficient CSRF protection. AuthGuard populates request.user afterward.
return true;
}