Skip to content

Commit c0dea28

Browse files
balazsorban44balazsorban44
committed
fix(core): avoid circular dependency
Fixes #6508
1 parent 681d53c commit c0dea28

File tree

2 files changed

+14
-13
lines changed

2 files changed

+14
-13
lines changed

packages/core/src/index.ts

Lines changed: 3 additions & 12 deletions
Original file line numberDiff line numberDiff line change
@@ -34,7 +34,7 @@
3434

3535
import { assertConfig } from "./lib/assert.js"
3636
import { ErrorPageLoop } from "./errors.js"
37-
import { AuthInternal } from "./lib/index.js"
37+
import { AuthInternal, skipCSRFCheck } from "./lib/index.js"
3838
import renderPage from "./lib/pages/index.js"
3939
import { logger, setLogger, type LoggerInstance } from "./lib/utils/logger.js"
4040
import { toInternalRequest, toResponse } from "./lib/web.js"
@@ -51,6 +51,8 @@ import type {
5151
import type { Provider } from "./providers/index.js"
5252
import { JWTOptions } from "./jwt.js"
5353

54+
export { skipCSRFCheck }
55+
5456
/**
5557
* Core functionality provided by Auth.js.
5658
*
@@ -298,14 +300,3 @@ export interface AuthConfig {
298300
trustHost?: boolean
299301
skipCSRFCheck?: typeof skipCSRFCheck
300302
}
301-
302-
/**
303-
* :::danger
304-
* This option is inteded for framework authors.
305-
* :::
306-
*
307-
* Auth.js comes with built-in {@link https://authjs.dev/concepts/security#csrf CSRF} protection, but
308-
* if you are implementing a framework that is already protected against CSRF attacks, you can skip this check by
309-
* passing this value to {@link AuthConfig.skipCSRFCheck}.
310-
*/
311-
export const skipCSRFCheck = Symbol("skip-csrf-check")

packages/core/src/lib/index.ts

Lines changed: 11 additions & 1 deletion
Original file line numberDiff line numberDiff line change
@@ -1,5 +1,4 @@
11
import { UnknownAction } from "../errors.js"
2-
import { skipCSRFCheck } from "../index.js"
32
import { SessionStore } from "./cookie.js"
43
import { init } from "./init.js"
54
import renderPage from "./pages/index.js"
@@ -186,3 +185,14 @@ export async function AuthInternal<
186185
}
187186
throw new UnknownAction(`Cannot handle action: ${action}`)
188187
}
188+
189+
/**
190+
* :::danger
191+
* This option is inteded for framework authors.
192+
* :::
193+
*
194+
* Auth.js comes with built-in {@link https://authjs.dev/concepts/security#csrf CSRF} protection, but
195+
* if you are implementing a framework that is already protected against CSRF attacks, you can skip this check by
196+
* passing this value to {@link AuthConfig.skipCSRFCheck}.
197+
*/
198+
export const skipCSRFCheck = Symbol("skip-csrf-check")

0 commit comments

Comments
 (0)