From f553da48e1d9cbddadcd448d093db391f9ec3897 Mon Sep 17 00:00:00 2001
From: psibean
Date: Wed, 1 Feb 2023 23:13:18 +1030
Subject: [PATCH] Update csrf-sync to fallback to _csrf query param
---
 src/middleware/csrf.js | 7 +++++++
 1 file changed, 7 insertions(+)
diff --git a/src/middleware/csrf.js b/src/middleware/csrf.js
index 73676cac4e..e81c1ef200 100644
--- a/src/middleware/csrf.js
+++ b/src/middleware/csrf.js
@@ -6,6 +6,13 @@ const {
 generateToken,
 csrfSynchronisedProtection,
 } = csrfSync({
+ getTokenFromRequest: (req) => {
+ if (req.headers['x-csrf-token']) {
+ return req.headers['x-csrf-token'];
+ } else if (req.query) {
+ return req.query._csrf;
+ }
+ },
 size: 64,
 });
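Review bot: The `req.query._csrf` branch of `getTokenFromRequest` accepts the session's CSRF token from the URL, where it is written to access and proxy logs, kept in browser history and can be passed on in the Referer header. The fallback therefore needs a comment above it naming the callers that cannot send `x-csrf-token`, so it is not widened later without thought. The same branch returns whatever the query parser produced, and if this runs on Express with its default parser that can be an array or an object rather than a string. Narrowing the condition to `} else if (req.query && typeof req.query._csrf === 'string') {` keeps the value handed to csrf-sync a plain string. How csrf-sync compares the returned value is not visible here, so this is hardening rather than a confirmed bypass. The `const {` statement that the `csrfSync({` call belongs to starts above the hunk.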