
/**
 * SvelteKit server hook (issue #25): records whether an `auth_token` cookie
 * accompanied the request and stamps a small set of security headers on every
 * response.
 *
 * Note on `event.locals.isAuthenticated`: it reflects only the *presence* of a
 * non-empty `auth_token` cookie. Nothing in this hook verifies the token's
 * signature, expiry or issuer — that check happens when the token is sent on
 * to the API — so load functions must not treat this flag as proof of identity.
 *
 * @type {import('@sveltejs/kit').Handle}
 */
export async function handle({ event, resolve }) {
  const authToken = event.cookies.get('auth_token');
  const hasToken = Boolean(authToken);

  // Expose the raw token to load functions only when one was actually sent;
  // `locals.authToken` stays unset otherwise.
  if (hasToken) {
    event.locals.authToken = authToken;
  }
  event.locals.isAuthenticated = hasToken;

  const response = await resolve(event);

  // Baseline response hardening: block MIME sniffing, disallow cross-origin
  // framing, and limit the Referer sent to other origins.
  const securityHeaders = {
    'X-Content-Type-Options': 'nosniff',
    'X-Frame-Options': 'SAMEORIGIN',
    'Referrer-Policy': 'strict-origin-when-cross-origin',
  };
  for (const [name, value] of Object.entries(securityHeaders)) {
    response.headers.set(name, value);
  }

  return response;
}