From 6867e41fdff8bb42d78de76acb37e2ad277ec4be Mon Sep 17 00:00:00 2001
From: Maxim Lebedev
Date: Fri, 18 Feb 2022 00:12:46 +0500
Subject: [PATCH] :lock: Delete CSRF cookie in auth HTTP API route
---
 internal/auth/delivery/http/auth_http.go | 1 +
 1 file changed, 1 insertion(+)
diff --git a/internal/auth/delivery/http/auth_http.go b/internal/auth/delivery/http/auth_http.go
index 2182a99..dcd9cbf 100644
--- a/internal/auth/delivery/http/auth_http.go
+++ b/internal/auth/delivery/http/auth_http.go
@@ -240,6 +240,7 @@ func (h *RequestHandler) handleAuthorize(ctx *http.RequestCtx) {
 func (h *RequestHandler) handleVerify(ctx *http.RequestCtx) {
 ctx.Response.Header.Set(http.HeaderAccessControlAllowOrigin, h.config.Server.Domain)
 ctx.SetContentType(common.MIMEApplicationJSONCharsetUTF8)
+ ctx.Request.Header.DelCookie("__Secure-csrf")
 encoder := json.NewEncoder(ctx)
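Review bot: The added `ctx.Request.Header.DelCookie("__Secure-csrf")` in handleVerify only removes the cookie from the server's parsed copy of the incoming request, so the browser keeps the cookie and sends it again on the next request. If the goal is to invalidate the CSRF cookie on the client (assuming `http` aliases fasthttp, as `http.RequestCtx` suggests), the deletion has to be sent on the response as an expiring `Set-Cookie`. Because the name uses the `__Secure-` prefix, browsers accept that header only when it carries the `Secure` attribute, and it must repeat the path and domain the cookie was issued with, which this hunk does not show. If the goal is only to hide the cookie from code that runs later in this handler, a comment saying so above the call would prevent it from being read as a client-side logout. handleVerify's body continues past the end of the hunk.

```go
ctx.SetContentType(common.MIMEApplicationJSONCharsetUTF8)

// Expire the cookie on the client; deleting it from ctx.Request never reaches the browser.
expired := http.AcquireCookie()
defer http.ReleaseCookie(expired)
expired.SetKey("__Secure-csrf")
expired.SetSecure(true) // mandatory for a __Secure- prefixed name
expired.SetExpire(http.CookieExpireDelete)
// TODO: set Path/Domain to the values used when the cookie was issued (not visible in this hunk).
ctx.Response.Header.SetCookie(expired)

// … unchanged: encoder setup and the rest of handleVerify …
```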