chore(server): address requested changes

2026-03-22 00:03:41 +01:00 · 2026-03-14 23:49:36 +02:00 · 2026-03-14 23:49:36 +02:00 · f6f939c245
commit f6f939c245
parent 0d889426e8
1 changed files with 4 additions and 1 deletions
--- a/apps/server/src/routes/error_handlers.ts
+++ b/apps/server/src/routes/error_handlers.ts
@ -15,7 +15,10 @@ function register(app: Application) {
            && err.code === "EBADCSRFTOKEN";

        if (isCsrfTokenError) {
-            log.error(`Invalid CSRF token: ${req.headers["x-csrf-token"]}, secret: ${req.cookies[CSRF_COOKIE_NAME]}`);
+            const csrfHeader = req.headers["x-csrf-token"];
+            const csrfHeaderPrefix = typeof csrfHeader === "string" ? csrfHeader.slice(0, 8) : undefined;
+            const tokenInfo = csrfHeaderPrefix ? ` (token prefix: ${csrfHeaderPrefix})` : "";
+            log.error(`Invalid CSRF token on ${req.method} ${req.url}${tokenInfo}`);
            return next(new ForbiddenError("Invalid CSRF token"));
        }