Is your feature request motivated by a concrete problem? Please describe.
I'm attempting to extend rocket_csrf with the ability to automatically check whether valid CSRF tokens are provided in headers. If an invalid token is provided for a write request, I would like the fairing to respond with a permission denied error, but the API does not allow this.
I understand that the philosophy is to respond to requests via request guards or response callbacks; however, I believe fairings are the right place for this functionality since this needs to be run on every request. Otherwise, users would need to remember to add request guards to every request, and failure to do so would be a security issue.
Why this feature can't or shouldn't live outside of Rocket
The Fairing trait does not give us the ability to abort requests via on_request.
Ideal Solution
Update on_request to give us the ability to respond to requests. Maybe the return type should be something like Option<rocket::request::Outcome>.
Alternatives Considered
The only other approach I've seen to do this is to modify the request to point to a handler defined by the fairing. I'll probably do this for now, but it seems like a hack.
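Added example, not part of the original issue and not Rocket's or rocket_csrf's code: a std-only Rust model of the workaround described above, where `on_request` cannot return a response and so rewrites a failing write request to a fairing-owned deny handler. The `Request` struct, the `/__csrf_denied` route, the `x-csrf-token` header name and the helper functions are all assumptions made for the illustration.

```rust
use std::collections::HashMap;

// Hypothetical stand-in for a framework request; not Rocket's `Request` type.
pub struct Request {
    pub method: String,
    pub path: String,
    pub headers: HashMap<String, String>,
    pub session_token: Option<String>, // token bound to the session (assumed)
}
pub const DENY_PATH: &str = "/__csrf_denied"; // hypothetical fairing-owned route

// Compare without returning early at the first differing byte.
fn ct_eq(a: &[u8], b: &[u8]) -> bool {
    a.len() == b.len() && a.iter().zip(b).fold(0u8, |acc, (x, y)| acc | (x ^ y)) == 0
}

// Models `on_request`: it has no way to respond, so on failure it redirects
// the request internally to the deny handler.
pub fn on_request(req: &mut Request) {
    if matches!(req.method.as_str(), "GET" | "HEAD" | "OPTIONS") { return; }
    let ok = match (req.headers.get("x-csrf-token"), &req.session_token) {
        (Some(sent), Some(expected)) => ct_eq(sent.as_bytes(), expected.as_bytes()),
        _ => false, // missing header or missing session token: fail closed
    };
    if !ok {
        req.method = "GET".to_string();
        req.path = DENY_PATH.to_string();
    }
}

// Models routing: returns the status of whichever handler ends up running.
pub fn dispatch(mut req: Request) -> u16 {
    on_request(&mut req);
    match (req.method.as_str(), req.path.as_str()) {
        ("GET", DENY_PATH) => 403,
        ("POST", "/transfer") => 200, // route author added no CSRF guard
        ("GET", "/balance") => 200,
        _ => 404,
    }
}

// Builds a constructed sample request.
pub fn request(method: &str, path: &str, header: Option<&str>, session: Option<&str>) -> Request {
    let mut headers = HashMap::new();
    if let Some(h) = header { headers.insert("x-csrf-token".to_string(), h.to_string()); }
    Request { method: method.into(), path: path.into(), headers, session_token: session.map(String::from) }
}

fn main() {
    println!("{}", dispatch(request("POST", "/transfer", None, Some("tok123"))));
}
```

The `/transfer` route carries no guard of its own, yet a write without a matching token never reaches it, which is the fail-closed property the issue is asking the fairing to provide.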