From f6f939c245879230b67906383ce704c9937f1edd Mon Sep 17 00:00:00 2001
From: Elian Doran
Date: Sat, 14 Mar 2026 23:49:36 +0200
Subject: [PATCH] chore(server): address requested changes
---
 apps/server/src/routes/error_handlers.ts | 5 ++++-
 1 file changed, 4 insertions(+), 1 deletion(-)
diff --git a/apps/server/src/routes/error_handlers.ts b/apps/server/src/routes/error_handlers.ts
index af58be82f1..9df5f9c283 100644
--- a/apps/server/src/routes/error_handlers.ts
+++ b/apps/server/src/routes/error_handlers.ts
@@ -15,7 +15,10 @@ function register(app: Application) {
 && err.code === "EBADCSRFTOKEN";
 if (isCsrfTokenError) {
- log.error(`Invalid CSRF token: ${req.headers["x-csrf-token"]}, secret: ${req.cookies[CSRF_COOKIE_NAME]}`);
+ const csrfHeader = req.headers["x-csrf-token"];
+ const csrfHeaderPrefix = typeof csrfHeader === "string" ? csrfHeader.slice(0, 8) : undefined;
+ const tokenInfo = csrfHeaderPrefix ? ` (token prefix: ${csrfHeaderPrefix})` : "";
+ log.error(`Invalid CSRF token on ${req.method} ${req.url}${tokenInfo}`);
 return next(new ForbiddenError("Invalid CSRF token"));
 }
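Review bot: The new `log.error` call interpolates `req.url`, which carries the full query string, so any sensitive parameter sent on a rejected request is written to the server log, and the value is client-controlled with no length cap of its own. Logging only the path keeps the diagnostic value: replace `${req.url}` with `${req.path}` in that line (assuming `req` is an Express request, as `req.cookies` and `next` suggest). A one-line comment above the `slice(0, 8)` line, such as `// Log only a short prefix: enough to correlate reports, not the full token.`, would record why the header is truncated so a later edit does not widen it again. The body of `register` starts and ends outside this hunk, so how `log` is configured downstream is not visible here.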