You signed in with another tab or window. Reload to refresh your session.You signed out in another tab or window. Reload to refresh your session.You switched accounts on another tab or window. Reload to refresh your session.Dismiss alert
One thing which would be useful to add would be an ability to generate some kind of deterministic CSRF cookie.
Proper CSRF is a bit of a PITA, but it would make using gotham for real projects much easier, so it's probably worth having a default solution available.
And then pass around a Box<CSRFProvider>. This way a user can customize their CSRFProvider to use a token database or whatever if they don't like the default stateless implementation.
It would also be cool if you could make decoding with CSRF protection a derivable property :)
The text was updated successfully, but these errors were encountered:
One thing which would be useful to add would be an ability to generate some kind of deterministic CSRF cookie.
Proper CSRF is a bit of a PITA, but it would make using gotham for real projects much easier, so it's probably worth having a default solution available.
I think a fairly clean solution would be to add:
And then pass around a
Box<CSRFProvider>
. This way a user can customize their CSRFProvider to use a token database or whatever if they don't like the default stateless implementation.It would also be cool if you could make decoding with CSRF protection a derivable property :)
The text was updated successfully, but these errors were encountered: