You signed in with another tab or window. Reload to refresh your session.You signed out in another tab or window. Reload to refresh your session.You switched accounts on another tab or window. Reload to refresh your session.Dismiss alert
It would be nice if we have a mechanism to skip the CSRF token if something is set inside the conn.private. For that, we could check if conn.private[:plug_skip_csrf_protection] is set to true and skip it. This would be useful for testing.
We should also add protection to this style of cross requests: rails/rails@1650bb3
From josevalim here phoenixframework/phoenix#338:
Two more notes:
It would be nice if we have a mechanism to skip the CSRF token if something is set inside the conn.private. For that, we could check if conn.private[:plug_skip_csrf_protection] is set to true and skip it. This would be useful for testing.
We should also add protection to this style of cross requests: rails/rails@1650bb3
Feel free to ping me if you need more info!
Currently WIP here: #136
The text was updated successfully, but these errors were encountered: