Skip to content

frontend: Use an uncommon name for csrf cookie

Warren Gifford requested to merge csrf-cookie into master

Created by: keegancsmith

The name csrf_token seems to be use by other applications. When a user views Sourcegraph on localhost it is not uncommon for a csrf_token to be set by another app the user uses on localhost. This has lead to csrf errors, making the site unuseable for the user. The proposed solution is to just use a different name.

This does mean when this rolls out users will not have sg_csrf_token set. I suspect they will run into a not authorized error, but will work on the next page refresh.

Fixes https://github.com/sourcegraph/sourcegraph/issues/65

Merge request reports

Loading