nuxt-auth-utils icon indicating copy to clipboard operation
nuxt-auth-utils copied to clipboard

Published 20 hours ago verified publisher icon Atinux

Safe again Cross Site Request Forgery (CSRF)?

Open selfire1 opened this issue 10 months ago • 2 comments

Hi, thank you for your work on this module!

I'm quite new to Auth solutions, and saw projects use a state, or a baseUrl to protect against Cross Site Request Forgery (CSRF). I couldn't immediately see such a check implemented here, but I'm sure I'm missing something. Would you be just willing to lay out how this module handles CSRF?

selfire1 avatar Apr 16 '24 06:04 selfire1

Actually we don't implement it as we don't handle form submission in this module with custom login/password.

You need to implement it yourself. Could you share the project using it?

atinux avatar Apr 17 '24 15:04 atinux

Good to know! It's a private repo, so I just invited you to collaborate.

selfire1 avatar Apr 18 '24 06:04 selfire1

I believe a module like https://nuxt.com/modules/csurf could do the job

atinux avatar Sep 11 '24 14:09 atinux