
[V2][Sessions] Make it super easy/fast to use CSRF tokens with sessions (SPA & regular apps) #798

Closed
LoicPoullain opened this issue Aug 20, 2020 · 1 comment

Comments

@LoicPoullain
Member

Issue

Adding CSRF protection is quite daunting in Foal. This should be made easier. Laravel gives a good example of an easy solution: https://laravel.com/docs/7.x/csrf

Solution

Always generate a session token when creating a session (even if the CSRF protection is disabled, otherwise it could lead to issues if enabling the protection later).

Maybe integrate the protection in @TokenRequired directly, with the possibility of disabling the protection: @TokenRequired({ cookie: true, csrf: false }). It would also integrate the setCsrfToken function.
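
The migration problem named in the Solution section, as an added TypeScript example that is not part of the issue and is not Foal's code: sessions created without a token are rejected once the protection is switched on, while sessions that always carry a token keep working. The `Session` shape, `createSession`, `checkRequest`, the verdict strings and the safe-method exemption are all hypothetical names and assumptions made for this example.

```typescript
import { Buffer } from 'node:buffer';
import { randomBytes, timingSafeEqual } from 'node:crypto';

// Hypothetical session record; Foal's real Session class is not shown on this page.
interface Session { id: string; csrfToken?: string }

type Verdict = 'ok' | 'token_missing' | 'token_invalid' | 'session_has_no_token';

// Assumption: only state-changing methods are checked.
const SAFE_METHODS = ['GET', 'HEAD', 'OPTIONS'];

// `withToken` models the two policies: false = a token is generated only when the
// protection is on at creation time; true = the proposal (always generate one).
function createSession(withToken: boolean): Session {
  const session: Session = { id: randomBytes(16).toString('hex') };
  if (withToken) session.csrfToken = randomBytes(32).toString('hex');
  return session;
}

// Stand-in for the check the issue wants folded into @TokenRequired.
function checkRequest(session: Session, method: string, submitted: string | undefined,
                      options: { csrf: boolean }): Verdict {
  if (!options.csrf || SAFE_METHODS.indexOf(method.toUpperCase()) !== -1) return 'ok';
  if (session.csrfToken === undefined) return 'session_has_no_token';
  if (submitted === undefined) return 'token_missing';
  const a = Buffer.from(submitted);
  const b = Buffer.from(session.csrfToken);
  // timingSafeEqual throws on unequal lengths, so compare lengths first.
  return a.length === b.length && timingSafeEqual(a, b) ? 'ok' : 'token_invalid';
}

// Both sessions are created while csrf is false; the protection is enabled afterwards.
function enableProtectionLater(): { legacy: Verdict; proposed: Verdict } {
  const legacy = createSession(false);
  const proposed = createSession(true);
  const enabled = { csrf: true };
  return {
    // The client of the legacy session has no token it could send.
    legacy: checkRequest(legacy, 'POST', legacy.csrfToken, enabled),
    proposed: checkRequest(proposed, 'POST', proposed.csrfToken, enabled),
  };
}

console.log(enableProtectionLater());
```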

@LoicPoullain
Member Author

Resolved in v2.
