1 commit

Author	SHA1	Message	Date
rcourtman	d52ac6d8b5	Fix CSRF token validation and improve token management ... - Add Access-Control-Expose-Headers to allow frontend to read X-CSRF-Token response header - Implement proactive CSRF token issuance on GET requests when session exists but CSRF cookie is missing - Ensures frontend always has valid CSRF token before making POST requests - Fixes 403 Forbidden errors when toggling system settings This resolves CSRF validation failures that occurred when CSRF tokens expired or were missing while valid sessions existed.	2025-11-05 09:23:44 +00:00