Opt out CSRF per route #923
florian-lefebvre
started this conversation in
Proposal
Replies: 0 comments
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment
-
Body
Summary
Allow to opt out of CSRF protection per route.
Background & Motivation
While it's good practice to have CSRF enable for an entire Astro project, there are cases where not having CSRF enabled for a specific route is required. One example is a webhook, read Stripe docs.
Goals
Example
The risk of this API is to have too many per-route setting (like
prerender
) so it may need a RFC before to to tackle this topic (discord thread)Beta Was this translation helpful? Give feedback.
All reactions