New issue
Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.
By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.
Already on GitHub? Sign in to your account
Support for CSRF? #256
Comments
I don't really follow your question. CSRF is not a feature, it's an attack. There's various ways to mitigate that attack, but no particular one is standardized. |
Closing due to lack of follow up. |
There is the functionality at ajax library |
Okay, libraries can continue to do that on top of |
See https://tools.ietf.org/html/draft-west-first-party-cookies-07 for mitigations against csrf |
I don't know if this should go as an issue, but I can't find any documentation on the support for CSRF.
For now, if there aren't such support in whatwg-fetch I would just need to know how I should be able to fetch X-CSRF-TOKEN from the header of OPTIONS request made during CORS preflight. I need this token to use in next request.
The text was updated successfully, but these errors were encountered: