fix: Fix csrf token

Author: tjtanjin

.env.template

@@ -16,4 +16,7 @@ VITE_THEME_OWNERSHIP_PER_PAGE=6
 # plugin configurations
 VITE_PLUGINS_PER_PAGE=20
 VITE_PLUGIN_FAVORITES_PER_PAGE=6
-VITE_PLUGIN_OWNERSHIP_PER_PAGE=6
+VITE_PLUGIN_OWNERSHIP_PER_PAGE=6
+
+# CSRF token identifier
+VITE_CSRF_TOKEN_IDENTIFIER="LOCAL-XSRF-TOKEN"

src/utils.ts

@@ -68,10 +68,13 @@ const formatPreviewIdToTitleCase = (input: string): string => {
 };
 
 /**
- * Reads the CSRF token out of the XSRF-TOKEN cookie.
+ * Reads the CSRF token out of the csrf token cookie.
  */
 const getCsrfTokenFromCookie = (): string | null => {
-  const match = document.cookie.match(/(?:^|;\s*)XSRF-TOKEN=([^;]+)/);
+  const cookieName = import.meta.env.VITE_CSRF_TOKEN_IDENTIFIER || 'XSRF-TOKEN';
+  const escaped = cookieName.replace(/[-[\]{}()*+?.,\\^$|#\s]/g, '\\$&');
+  const pattern = new RegExp(`(?:^|;\\s*)${escaped}=([^;]+)`);
+  const match = document.cookie.match(pattern);
   return match ? decodeURIComponent(match[1]) : null;
 };