Redirect user to the login page when either of the csrf token inputs is missing

2026-03-10 05:39:11 +00:00 · 2024-04-08 20:22:17 +05:30
parent d257629f81
commit 27815d982c
1 changed files with 4 additions and 2 deletions
--- a/src/khoj/routers/auth.py
+++ b/src/khoj/routers/auth.py
@@ -96,10 +96,12 @@ async def auth(request: Request):
    csrf_token_cookie = request.cookies.get("g_csrf_token")
    if not csrf_token_cookie:
-        return Response("Missing CSRF token", status_code=400)
+        logger.info("Missing CSRF token. Redirecting user to login page")
        return RedirectResponse(url=f"{next_url}")
    csrf_token_body = form.get("g_csrf_token")
    if not csrf_token_body:
-        return Response("Missing CSRF token", status_code=400)
+        logger.info("Missing CSRF token body. Redirecting user to login page")
        return RedirectResponse(url=f"{next_url}")
    if csrf_token_cookie != csrf_token_body:
        return Response("Invalid CSRF token", status_code=400)