agent-zero/webui
Paolo Calvi 07f94ef4b5 Fix WebSocket CSRF validation failure on Chromium browsers over HTTPS
SameSite=Strict cookies are not sent with WebSocket upgrade requests on
Chromium-based browsers (Brave confirmed), causing the CSRF cookie
check at connect time to fail with 'csrf cookie mismatch'. This breaks
the state_sync namespace, preventing the UI from loading chats.

Change SameSite from Strict to Lax for both the Flask session cookie
and the JavaScript-set CSRF token cookie. Lax still prevents cross-site
POST CSRF while allowing same-origin WebSocket upgrades to include
cookies.

Fixes #1237
2026-03-11 00:00:33 +01:00
components Fix plugin modal paths to use absolute URLs instead of relative paths 2026-03-10 22:27:16 +01:00
css Add tool request validation and plugin change notifications 2026-03-10 13:08:48 +01:00
js Fix WebSocket CSRF validation failure on Chromium browsers over HTTPS 2026-03-11 00:00:33 +01:00
public workdir outside project, gitkeeps 2026-02-08 14:54:49 +01:00
vendor WebSocket merge 2026-02-01 16:07:45 +01:00
index.css Add tool request validation and plugin change notifications 2026-03-10 13:08:48 +01:00
index.html Settings polishing, logout button 2026-02-05 22:02:49 +01:00
index.js ui: enhance chat input vertical expansion and auto-resize 2026-02-26 11:59:17 +01:00
login.css Enhance: More polished single-user login page 2025-09-01 02:12:49 -07:00
login.html Enhance: More polished single-user login page 2025-09-01 02:12:49 -07:00