chore: deprecate csrf.checkOrigin in favour of csrf.trustedOrigins: ['*']
#14281
Conversation
This file contains hidden or bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
🦋 Changeset detectedLatest commit: 333d9fd The changes in this PR will be included in the next version bump. This PR includes changesets to release 1 package
Not sure what this means? Click here to learn what changesets are. Click here if you're a maintainer who wants to add another changeset to this PR |
teemingc
approved these changes
Aug 21, 2025
dominikg
reviewed
Aug 21, 2025
| checkOrigin: deprecate( | ||
| boolean(true), | ||
| (keypath) => | ||
| `\`${keypath}\` has been deprecated in favour of \`csrf.trustedOrigins: ['*']\`. It will be removed in a future version` |
There was a problem hiding this comment.
* is only correct for checkOrigin false, if someone had an explicit checkOrigin: true in their config this message would be misleading
what would be the correct value for "only allow deployed origin", empty array or not setting it?
There was a problem hiding this comment.
empty array or not setting it. since the default for checkOrigins is true, the only reason someone would really have for setting it at all is to disable it, so i think the message is okay
teemingc
reviewed
Aug 21, 2025
Co-authored-by: Tee Ming <[email protected]>
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment
Add this suggestion to a batch that can be applied as a single commit.
This suggestion is invalid because no changes were made to the code.
Suggestions cannot be applied while the pull request is closed.
Suggestions cannot be applied while viewing a subset of changes.
Only one suggestion per line can be applied in a batch.
Add this suggestion to a batch that can be applied as a single commit.
Applying suggestions on deleted lines is not supported.
You must change the existing code in this line in order to create a valid suggestion.
Outdated suggestions cannot be applied.
This suggestion has been applied or marked resolved.
Suggestions cannot be applied from pending reviews.
Suggestions cannot be applied on multi-line comments.
Suggestions cannot be applied while the pull request is queued to merge.
Suggestion cannot be applied right now. Please check back later.
follow-up to #14021. It doesn't really make sense to have two options that can contradict each other, so this deprecates
checkOriginin favour oftrustedOrigins: ['*']Please don't delete this checklist! Before submitting the PR, please make sure you do the following:
Tests
pnpm testand lint the project withpnpm lintandpnpm checkChangesets
pnpm changesetand following the prompts. Changesets that add features should beminorand those that fix bugs should bepatch. Please prefix changeset messages withfeat:,fix:, orchore:.Edits