You signed in with another tab or window. Reload to refresh your session.You signed out in another tab or window. Reload to refresh your session.You switched accounts on another tab or window. Reload to refresh your session.Dismiss alert
Support authorisation, where web apps or API's might use CSRF tokens to protect endpoints
In my own case, the user needs to make a req to /, they get a CSRF token, that allows them to authenticate against the other endpoints. Because Sinco doesn't hold onto any sessions/headers/cookies etc, when it makes a request to my protected endpoint (even if i GET / first), i get a "No CSRF token passed in"
Why:
A lot of apps use this, without this feauture, it means many people/companies won't be able to adopt Sinco
Acceptance Criteria
Below is a list of tasks that must be completed before this issue can be closed.
Write documentation
Write unit tests
Write integration tests
Example Pseudo Code (for implementation)
// Add example pseudo code for implementation
The text was updated successfully, but these errors were encountered:
We should add a setCookie method to the api, that adds a cookie to the browser instance. This makes it easy if someone wants to access a protected resource(eg using csrf), they can just pass in a valid token
A way to hold onto cookies across navigating pages, so say a user enters the home page (that gives them a token), they can now access other resources
Example:
// So i have two resources:// - home// - users// Home reosurce gives you a csrf token, users resource requires a token to access the page// Enter the users page directlyimport{csrf}from"./middleware/csrf.ts"// drash middlewareconsttoken=csrf.tokenconstChrome=awaitbuildFor("chrome")awaitChrome.setCookie("X-CSRF-TOKEN",token)awaitChrome.goto("localhost/users")// okawaitChrome.assertSee("you are authed and on this page")// ok// You enter the home page first to get the token, then go to the users pageawaitChrome.goto("localhost")// saves the cookies for the sessionawaitChrome.goto("localhost/users")// ok, because the cookies for the browser has passed over
Possible duplicate of #28 ?
Summary
What:
Support authorisation, where web apps or API's might use CSRF tokens to protect endpoints
In my own case, the user needs to make a req to
/
, they get a CSRF token, that allows them to authenticate against the other endpoints. Because Sinco doesn't hold onto any sessions/headers/cookies etc, when it makes a request to my protected endpoint (even if i GET/
first), i get a "No CSRF token passed in"Why:
A lot of apps use this, without this feauture, it means many people/companies won't be able to adopt Sinco
Acceptance Criteria
Below is a list of tasks that must be completed before this issue can be closed.
Example Pseudo Code (for implementation)
// Add example pseudo code for implementation
The text was updated successfully, but these errors were encountered: