Disable CSRF Token Reuse #123

Open
2 tasks done
raviroshanmehta opened this issue Feb 20, 2023 · 3 comments

Comments

@raviroshanmehta

Prerequisites

  • I have written a descriptive issue title
  • I have searched existing issues to ensure the issue has not already been raised

Issue

Thanks for this great plugin.

I have one concern. The same CSRF token can be used multiple times for verification. Is there any option to make sure that a token is used only once?

@mcollina
Member

thanks for reporting!

The same CSRF token can be used multiple times for verification. Is there any option to make sure that a token is used only once?

Unfortunately, not at this point. I never implemented this because I think it would be extremely hard to create useful applications with it: the amount of code on the frontend to handle that kind of update is significant and hard to make it refresh the token reliably.

@raviroshanmehta
Author

Can you please guide how we can restrict this token to one-time use only without losing this awesome core plugin? I really don't want to use any other module or custom code for adding a layer of CSRF security in my Fastify project.

@mcollina
Member

What you should do is to store your tokens in a database and then validate against that.
You'd need to send a PR for this feature. Essentially we would need to add a custom function to store the tokens and one to validate them / flag them as used.
