From 1756cc5b4bb14b5b9354d1f651cd59fed4d680b6 Mon Sep 17 00:00:00 2001
From: Eli Bosley <ekbosley@gmail.com>
Date: Mon, 27 Jan 2025 11:25:13 -0500
Subject: [PATCH] fix: pull token from query not params

---
 api/src/unraid-api/auth/cookie.strategy.ts | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/api/src/unraid-api/auth/cookie.strategy.ts b/api/src/unraid-api/auth/cookie.strategy.ts
index 580898af8..50e5920eb 100644
--- a/api/src/unraid-api/auth/cookie.strategy.ts
+++ b/api/src/unraid-api/auth/cookie.strategy.ts
@@ -20,7 +20,7 @@ export class UserCookieStrategy extends PassportStrategy(Strategy, strategyName)
     public validate = async (req: CustomRequest): Promise<any> => {
         return (
             this.authService.validateCsrfToken(
-                req.headers['x-csrf-token'] || (req.params as { csrf_token?: string })?.csrf_token
+                req.headers['x-csrf-token'] || (req.query as { csrf_token?: string })?.csrf_token
             ) && this.authService.validateCookiesCasbin(req.cookies)
         );
     };