
This PR fixes an issue where fetchCsrfTokenServer.ts could return cached CSRF tokens #4104

Open

nios-x wants to merge 1 commit into OWASP:main from nios-x:feat/cache-fix

Conversation

nios-x (Contributor) commented Feb 27, 2026

Proposed change

Resolves #4082

Description

This PR fixes an issue where fetchCsrfTokenServer.ts could return cached CSRF tokens due to default caching behavior in Next.js App Router.
In Next.js, server-side fetch() calls are cached by default unless explicitly configured otherwise. Since caching was not disabled, the CSRF token response could be reused across multiple requests, leading to intermittent CSRF validation failures caused by stale tokens.

Checklist

  • Required: I followed the contributing workflow
  • Required: I verified that my code works as intended and resolves the issue as described
  • Required: I ran make check-test locally: all warnings addressed, tests passed
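The failure mode the PR description lays out, as an added example that is not code from this PR or from the OWASP Nest project: a constructed stand-in for the Next.js data cache serves a token that was fetched with default options from cache on every later request, while the same fetch made with `cache: 'no-store'` (the one-line change this PR makes) reaches the backend each time. The endpoint URL, the `csrftoken` field name, the cache simulation and the backend that mints tokens are all assumptions for the illustration; only the `cache: 'no-store'` fetch option is the real Next.js mechanism.

```typescript
// Added example (not code from the OWASP Nest PR): a stand-in for the Next.js
// App Router Data Cache, used to show why a server-side fetch() of a CSRF
// token must opt out of caching with `cache: 'no-store'`.

type CacheMode = 'force-cache' | 'no-store';
interface FetchInit { cache?: CacheMode }

// Assumed response shape; the real endpoint's JSON field name is not on the page.
interface CsrfPayload { csrftoken: string }
interface CsrfResponse { json(): Promise<CsrfPayload> }

// Constructed backend: mints a new token on every request that actually reaches it.
let issued = 0;
function backendIssueCsrfToken(): string {
  issued += 1;
  return `csrf-token-${issued}`;
}

// Simulated data cache keyed by URL. Without a `cache` option it behaves like the
// default the PR describes: the first response for a URL is stored and reused
// for later calls. `no-store` bypasses the store entirely.
class SimulatedDataCache {
  private store = new Map<string, string>();
  hits = 0;

  async fetch(url: string, init: FetchInit = {}): Promise<CsrfResponse> {
    let token: string;
    if (init.cache === 'no-store') {
      token = backendIssueCsrfToken();
    } else {
      const cached = this.store.get(url);
      if (cached !== undefined) {
        this.hits += 1;
        token = cached;
      } else {
        token = backendIssueCsrfToken();
        this.store.set(url, token);
      }
    }
    return { json: async () => ({ csrftoken: token }) };
  }
}

// Placeholder endpoint; the project's real CSRF URL is not shown on the page.
const CSRF_URL = 'https://api.example.invalid/csrf/';

// Before the fix: the call relies on default options, so the cached token is reused.
async function fetchCsrfTokenCached(cache: SimulatedDataCache): Promise<string> {
  const res = await cache.fetch(CSRF_URL);
  return (await res.json()).csrftoken;
}

// After the fix, mirroring the PR's change: `cache: 'no-store'` forces a fresh request.
async function fetchCsrfTokenNoStore(cache: SimulatedDataCache): Promise<string> {
  const res = await cache.fetch(CSRF_URL, { cache: 'no-store' });
  return (await res.json()).csrftoken;
}

// Drive one variant across `requests` independent server requests that share
// the same data cache, collecting the token each request received.
async function tokensAcrossRequests(
  variant: (cache: SimulatedDataCache) => Promise<string>,
  cache: SimulatedDataCache,
  requests: number,
): Promise<string[]> {
  const seen: string[] = [];
  for (let i = 0; i < requests; i++) {
    seen.push(await variant(cache));
  }
  return seen;
}

// Compare both behaviours. A token reused across requests is exactly the stale
// token that makes the backend's CSRF validation fail intermittently.
async function compareCachingBehaviour(requests = 4): Promise<{
  cached: string[];
  noStore: string[];
  cacheHits: number;
}> {
  const cache = new SimulatedDataCache();
  const cached = await tokensAcrossRequests(fetchCsrfTokenCached, cache, requests);
  const noStore = await tokensAcrossRequests(fetchCsrfTokenNoStore, cache, requests);
  return { cached, noStore, cacheHits: cache.hits };
}

compareCachingBehaviour().then((r) => console.log(JSON.stringify(r, null, 2)));
```

With four simulated requests the default variant returns the same token every time and records three cache hits, while the `no-store` variant returns four distinct tokens. The trade-off is deliberate: opting out means one backend round trip per render, which is the correct cost for a per-request secret, since a CSRF token that is shared across requests (or across users, if the cache is process-wide) defeats the purpose of having one.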

coderabbitai bot commented Feb 27, 2026

No actionable comments were generated in the recent review. 🎉


📥 Commits

Reviewing files that changed from the base of the PR and between e5d3d6a and 5c37de2.

📒 Files selected for processing (1)
  • frontend/src/server/fetchCsrfTokenServer.ts

Summary by CodeRabbit

Release Notes

  • Bug Fixes
    • Fixed CSRF token caching behavior to ensure proper token validation on each request.

Walkthrough

Modifies the CSRF token fetch call in fetchCsrfTokenServer.ts by adding cache: 'no-store' option to prevent caching of the server-side fetch response.

Changes

Cohort: CSRF Token Caching
File(s): frontend/src/server/fetchCsrfTokenServer.ts
Summary: Added cache: 'no-store' to fetch options to disable default Next.js caching behavior for CSRF token responses.

Estimated code review effort

🎯 1 (Trivial) | ⏱️ ~3 minutes

🚥 Pre-merge checks: 5 passed
  • Title check: Passed. The title accurately describes the main change: preventing cached CSRF tokens in fetchCsrfTokenServer.ts, which matches the file modification.
  • Description check: Passed. The description is directly related to the changeset, explaining the caching issue with Next.js App Router and why the fix is needed.
  • Linked Issues check: Passed. The PR addresses issue #4082 by adding cache: 'no-store' to prevent CSRF token caching, meeting the requirement for fresh tokens across requests.
  • Out of Scope Changes check: Passed. The single file modification is scoped to the CSRF token caching issue; no unrelated changes are present.
  • Docstring Coverage: Passed. No functions found in the changed files to evaluate docstring coverage, so the check was skipped.


cubic-dev-ai bot left a comment

No issues found across 1 file

Confidence score: 5/5

  • Automated review surfaced no issues in the provided summaries.
  • No files require special attention.


nios-x (Contributor, Author) commented Mar 3, 2026

@arkid15r



Development

Successfully merging this pull request may close these issues.

Server CSRF token fetch is cacheable in Next (stale token risk)
