fix: use secureFetch for admin verification request #479

Merged
Aditya948351 merged 1 commit into devpathindcommunity-india:master from tanushkat96:fix/csrf-secure-fetch
Jun 2, 2026

@tanushkat96
Contributor

Closes #427

Summary

Updated the admin verification flow to use the new secureFetch utility introduced in PR #380.

Changes

  • Imported secureFetch from src/lib/apiClient
  • Replaced fetch('/api/auth/verify-admin') with secureFetch('/api/auth/verify-admin') in src/components/auth/AdminKeyModal.tsx

Why

The new CSRF middleware requires mutating API requests to include the CSRF token header. Using secureFetch ensures the required token is automatically attached to the admin verification POST request.

Additional Review

  • Reviewed mutating requests (POST, PUT, PATCH, DELETE) within the src directory.
  • The admin verification endpoint was the frontend /api/* request requiring migration to secureFetch.
  • Other mutating requests found during review were external API calls (e.g. GitHub APIs) or utility/debug scripts and are not affected by the /api/* CSRF middleware.
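
Added example, not part of the original PR description and not the project's `src/lib/apiClient` code: a sketch of a `secureFetch`-style wrapper that attaches a CSRF token only to mutating same-origin `/api/*` requests, which is the distinction the review notes above draw. The cookie name `csrf_token`, the header name `X-CSRF-Token`, the helper names and the sample origin are assumptions.

```javascript
// Hypothetical sketch; names below are assumptions, not the project's API.
const MUTATING = new Set(["POST", "PUT", "PATCH", "DELETE"]);
const CSRF_COOKIE = "csrf_token";   // assumed cookie holding the token
const CSRF_HEADER = "X-CSRF-Token"; // assumed header the middleware checks

// Extract one cookie value from a document.cookie-style string.
function readCookie(cookieString, name) {
  for (const part of cookieString.split(";")) {
    const [key, ...rest] = part.trim().split("=");
    if (key === name) return decodeURIComponent(rest.join("="));
  }
  return null;
}

// Pure decision function: returns the headers the request should carry.
// Kept separate from fetch() so it can be tested without a browser.
function csrfHeadersFor(url, init, pageOrigin, cookieString) {
  const method = (init.method || "GET").toUpperCase();
  const target = new URL(url, pageOrigin); // resolves relative URLs
  const headers = { ...(init.headers || {}) };
  const sameOriginApi =
    target.origin === pageOrigin && target.pathname.startsWith("/api/");

  // Safe methods and external calls (e.g. GitHub APIs) get no token,
  // so the token is never disclosed to another origin.
  if (!MUTATING.has(method) || !sameOriginApi) return headers;

  const token = readCookie(cookieString, CSRF_COOKIE);
  if (!token) {
    // Fail closed on the client instead of sending a request that the
    // middleware would reject.
    throw new Error(`CSRF token missing for ${method} ${target.pathname}`);
  }
  headers[CSRF_HEADER] = token;
  return headers;
}

// Browser-side wrapper with the same call shape as fetch().
async function secureFetch(url, init = {}) {
  const headers = csrfHeadersFor(
    url, init, window.location.origin, document.cookie);
  return fetch(url, { ...init, headers, credentials: "same-origin" });
}
```
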

@Aditya948351 Aditya948351 self-requested a review June 2, 2026 06:52
Collaborator

@Aditya948351 Aditya948351 left a comment

LGTM! Approved. Great work on this.

@Aditya948351 Aditya948351 added gssoc26 This is a official GirlScript Summer of Code label. type:security level:intermediate Intermediate level issues labels Jun 2, 2026
@Aditya948351 Aditya948351 merged commit 2a6693e into devpathindcommunity-india:master Jun 2, 2026
@Aditya948351 Aditya948351 added the gssoc:approved give 50+ base points label Jun 2, 2026
Development

Successfully merging this pull request may close these issues.

[Security/Feature] Integrate secureFetch utility across frontend to support CSRF protection
