/** * @copyright 2026 NHCarrigan * @license Naomi's Public License * @author Naomi Carrigan */ import { FastifyPluginAsync, FastifyRequest } from "fastify"; import fastifyPlugin from "fastify-plugin"; import fastifyCsrf from "@fastify/csrf-protection"; const csrfPlugin: FastifyPluginAsync = async (app) => { await app.register(fastifyCsrf, { sessionPlugin: "@fastify/cookie", cookieOpts: { path: "/", httpOnly: true, secure: process.env.NODE_ENV === "production", sameSite: "lax", }, getToken: (request: FastifyRequest) => { return request.headers["x-csrf-token"] as string; }, }); }; export default fastifyPlugin(csrfPlugin);