added log statement to csrf validation

2025-07-27 18:12:17 +02:00 · 2025-07-27 18:12:17 +02:00 · 2fb4f8ac98
parent 098317cbcb
commit 2fb4f8ac98
1 changed files with 4 additions and 0 deletions
--- a/src/lib/server/csrf.ts
+++ b/src/lib/server/csrf.ts
@ -5,6 +5,8 @@
 import type { Handle } from '@sveltejs/kit';
 import { json, text } from '@sveltejs/kit';

+import Logs from "$lib/server/log"
+
 /**
 * CSRF protection middleware for SvelteKit.
 *
@ -28,6 +30,8 @@ export function csrf(allowedPaths: string[], allowedOrigins: string[] = []): Han
            !allowedPaths.includes(url.pathname); // Path is not explicitly allowed

        if (forbidden) {
+			Logs.route.warn("Blocked request due to csrf violation")
+
            const message = `Cross-site ${request.method} form submissions are forbidden`;
            if (request.headers.get('accept') === 'application/json') {
                return json({ message }, { status: 403 });