Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

useCsrf() is undefined #203

Closed
n4an opened this issue Sep 7, 2023 · 2 comments · Fixed by #212
Closed

useCsrf() is undefined #203

n4an opened this issue Sep 7, 2023 · 2 comments · Fixed by #212
Labels
bug Something isn't working
Milestone
1.0.0-rc.1

Comments

@n4an
Copy link

n4an commented Sep 7, 2023

Request header
Csrf-Token: undefined

ssr: false,

security: {
enabled: true,
    csrf: { // optional
      https: false, // default true if in production
      cookieKey: '', // "__Host-csrf" if https is true otherwise just "csrf"
      cookie: { // CookieSerializeOptions from unjs/cookie-es
        path: '/',
        httpOnly: true,
        sameSite: 'strict'
      },
      methodsToProtect: ['POST', 'PUT', 'PATCH'], // the request methods we want CSRF protection for
      // excludedUrls: ['/nocsrf1', ['/nocsrf2/.*', 'i']], // any URLs we want to exclude from CSRF protection
      // encryptSecret: /** a 32 bits secret */, // random bytes by default
      encryptAlgorithm: 'aes-256-cbc'
    },
}

await useCsrfFetch('api/auth/signup', {
      body: payload,
      method: 'POST',
    });


const { csrf } = useCsrf(); // undefined


Cookie:
csrf=3c8a73c6-690c-48f2-92b4-3b100ef352ae;
@n4an n4an added the bug Something isn't working label Sep 7, 2023
@n4an
Copy link
Author

n4an commented Sep 7, 2023

It is for SSR only?

export function useCsrf() {
  const nuxtApp = useNuxtApp();
  if (process.server) {
    const res = nuxtApp.ssrContext?.event.node.res ?? {};
    if ("_csrftoken" in res) {
      nuxtApp.payload.csrfToken = res._csrftoken;
    }
  }
  return { csrf: nuxtApp.payload.csrfToken };
}

@Baroshem
Copy link
Owner

Hey,

In the current version yes, but just in time, the author of the package that provides CSRF for Nuxt Security have fixed that in Morgbn/nuxt-csurf#8

I will be bumping nuxt csurf in the upcominng 1.0.0 version of NuxtSecurity

Stay tuned!

@Baroshem Baroshem added this to the 1.0.0 milestone Sep 12, 2023
@Baroshem Baroshem mentioned this issue Sep 21, 2023
Merged
3 tasks
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Assignees
No one assigned
Labels
bug Something isn't working
Projects
None yet
Milestone
1.0.0-rc.1
Development

Successfully merging a pull request may close this issue.

Chore/1.0.0 rc.1 Baroshem/nuxt-security
2 participants
@n4an @Baroshem