Add CSRF protection to token authorization endpoint (#2703)

gardener-github-actions[bot] · petersutter · web-flow · commit 1f1440c2bd96 · 2025-12-04T14:52:27.000+01:00
Co-authored-by: Peter Sutter &lt;peter.sutter@sap.com&gt;
diff --git a/backend/lib/security/index.js b/backend/lib/security/index.js
@@ -228,6 +228,7 @@ async function authorizationUrl (req, res) {
 }
 
 async function authorizeToken (req, res) {
+  csrfProtection(req, res)
   const idToken = chain(req.body)
     .get(['token'])
     .trim()

Original file line number	Diff line number	Diff line change
`@@ -228,6 +228,7 @@ async function authorizationUrl (req, res) {`
`228`	`228`	`}`
`229`	`229`
`230`	`230`	`async function authorizeToken (req, res) {`
	`231`	`+ csrfProtection(req, res)`
`231`	`232`	`const idToken = chain(req.body)`
`232`	`233`	`.get(['token'])`
`233`	`234`	`.trim()`