Do not use cookies for backend authentication

2025-12-06 06:37:07 +00:00 · 2025-08-09 12:43:17 +02:00
parent 2c1a24e4a5
commit ae8e5d4ef6
3 changed files with 0 additions and 4 deletions
--- a/lib/www/server/api/middleware/auth/jwt.js
+++ b/lib/www/server/api/middleware/auth/jwt.js
@@ -5,8 +5,6 @@ const cfg = require("../../../lib/config").jwt;
 const getToken = function (req) {
 	if (req.headers.authorization && req.headers.authorization.split(' ')[0] == 'Bearer') {
 		return req.headers.authorization.split(' ')[1];
-	} else if (req.cookies.JWT) {
-		return req.cookies.JWT;
 	}
 	return null;
 }
--- a/lib/www/server/api/middleware/user/login.js
+++ b/lib/www/server/api/middleware/user/login.js
@@ -8,7 +8,6 @@ async function login (req, res, next) {
 		if (payload) {
 			const token = jwt.issue(payload, req, res);
 			res.set("X-JWT", token);
-			res.set("Set-Cookie", `JWT=${token}`); // For good measure
 			res.status(200).send({token});
 			next();
 			return;
--- a/lib/www/server/api/middleware/user/logout.js
+++ b/lib/www/server/api/middleware/user/logout.js
@@ -1,6 +1,5 @@

 async function logout (req, res, next) {
-	res.clearCookie("JWT");
 	res.status(204).send();
 	next();
 }