From 732ed73d4fa03d50e0d879d245e54352e2070561 Mon Sep 17 00:00:00 2001
From: F04C <israeldarrel01@gmail.com>
Date: Wed, 18 Feb 2026 14:17:48 +0800
Subject: [PATCH] added for csrf

---
 handlers/csrf.go | 6 ++++++
 1 file changed, 6 insertions(+)

diff --git a/handlers/csrf.go b/handlers/csrf.go
index 5d94b31..a821fd8 100644
--- a/handlers/csrf.go
+++ b/handlers/csrf.go
@@ -5,9 +5,15 @@ import (
 	"net/http"
 )
 
+const (
+	AccessControlExposeHeaders = "Access-Control-Expose-Headers"
+	XCsrfToken                 = "X-CSRF-Token"
+)
+
 // CSRFToken issues a CSRF token by relying on the CSRFMiddleware
 // to set the token in the response header and cookie on GET requests.
 func CSRFToken(w http.ResponseWriter, r *http.Request) {
+	w.Header().Set(AccessControlExposeHeaders, XCsrfToken)
 	helper.RespondWithJSON(w, http.StatusOK, map[string]string{
 		"message": "CSRF token set",
 	})