feat(core): Prevent session hijacking (#9057)

कारतोफ्फेलस्क्रिप्ट™
2024-04-09 11:20:35 +02:00
committed by GitHub
parent 5793e5644a
commit 28261047c3
15 changed files with 124 additions and 53 deletions


@@ -33,7 +33,7 @@ import {
TEMPLATES_DIR,
} from '@/constants';
import { CredentialsController } from '@/credentials/credentials.controller';
import type { CurlHelper } from '@/requests';
import type { APIRequest, CurlHelper } from '@/requests';
import { registerController } from '@/decorators';
import { AuthController } from '@/controllers/auth.controller';
import { BinaryDataController } from '@/controllers/binaryData.controller';
@@ -235,6 +235,13 @@ export class Server extends AbstractServer {
frontendService.settings.publicApi.latestVersion = apiLatestVersion;
}
}
// Extract BrowserId from headers
this.app.use((req: APIRequest, _, next) => {
req.browserId = req.headers['browser-id'] as string;
next();
});
// Parse cookies for easier access
this.app.use(cookieParser());