Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

Do I use correctly next-csrf ?? #33

Closed
nataliagoskapracuj opened this issue Nov 19, 2021 · 5 comments
Closed

Do I use correctly next-csrf ?? #33

nataliagoskapracuj opened this issue Nov 19, 2021 · 5 comments

Comments

@nataliagoskapracuj
Copy link

nataliagoskapracuj commented Nov 19, 2021
edited

sorry for posting a question here, but I don't know if it's me who makes a mistake or is it problem with a package.
My application doesn't have a login or anything like this, so I created an empty endpoint that only sets a cookie when entering the page, and then I submit a form

My setup:

// service/csrf.js
import { nextCsrf } from "next-csrf";

const CSRF_SECRET = process.env.CSRF_SECRET;
const options = {
  secret: CSRF_SECRET
};

export const { csrf, csrfToken } = nextCsrf(options);
//pages/api/csrf.js
import { csrf } from "service/csrf";

async function handler(req, res) {
  return res.status(200).end();
}

export default csrf(handler);
//pages/_app.js
import { csrfToken } from "service/csrf";

function MyApp({ Component, pageProps }) {
  return (
      <Component {...pageProps} csrfToken={csrfToken} />
  );
}
export default MyApp;
// pages/index.js
export default function HomePage({
  csrfToken,
}) {
  useEffect(() => {
  // first request to set a cookie
    apiRequest({
      method: httpMethods.GET,
      url: "api/csrf",
      headers: {
        "XSRF-TOKEN": csrfToken,
      },
    });
  }, []);

  return (
          <Form
            csrfToken={csrfToken}
          />
  );
}
const Form = ({ csrfToken }) => {
  const handleSubmit = (event) => {
    event.preventDefault();
    apiRequest({
      method:  "POST",
      url: `api/send-form`,
      data: {
          //....
      },
      headers: {
        "XSRF-TOKEN": csrfToken,
      },
    })
      .then(() => {
      })
      .catch((error) => {
      });
  };

  return (
        <form onSubmit={handleSubmit}>
             //....
        </form>
  );
};
// pages/api/send-form.js

import { csrf } from "service/csrf";

async function handler(req, res) {
 // ....
}

export default csrf(handler);

It returns 403 at this moment https://github.com/j0lv3r4/next-csrf/blob/main/src/middleware/csrf.ts#L64

I changed a package in node module to reflect the last changes that where made in this PR #31 because there is no new version of package with those changes.
@juanbzpy
Copy link
Owner

Hey, @nataliagoskapracuj. I need to make a new release, but I haven't had the time.

I will try to get it done this weekend.

@nizarfadlan
Copy link

Hey, @nataliagoskapracuj. I need to make a new release, but I haven't had the time.

I will try to get it done this weekend.

I'm waiting for it sir, hopefully it will be released soon

@akeuk
Copy link

akeuk commented Dec 13, 2021

@j0lv3r4 Can we workaround by using older released?

@juanbzpy
Copy link
Owner

This got fixed with https://github.com/j0lv3r4/next-csrf/releases/tag/v0.2.1

@juanbzpy
Copy link
Owner

I'm going to close this. Please re-open if you are still having this issue.

Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Assignees
No one assigned
Labels
None yet
Projects
None yet
Milestone
No milestone
Development

No branches or pull requests
5 participants
@juanbzpy @akeuk @nizarfadlan @nataliagoskapracuj and others