hpcc-systems · ydahal1 · Jan 2, 2025 · Jan 2, 2025
diff --git a/Tombolo/.env.sample b/Tombolo/.env.sample
@@ -41,6 +41,7 @@ API_KEY_DURATION=
 # Authentication and Authorization Configuration
 JWT_SECRET=
 JWT_REFRESH_SECRET=
+CSRF_SECRET=
 
 # OAuth 2.0 - Azure
 TENENT_ID=

diff --git a/Tombolo/server/middlewares/csrfMiddleware.js b/Tombolo/server/middlewares/csrfMiddleware.js
@@ -10,7 +10,9 @@ const csrf = doubleCsrf({
 
       const decoded = verifyToken(token, process.env.JWT_SECRET);
 
-      const secret = process.env.CSRF_SECRET + decoded.id;
+      const secret = process.env.CSRF_SECRET
+        ? process.env.CSRF_SECRET
+        : "secret" + decoded.id;
 
       return secret;
     } catch (e) {