
Add CSRF token to GraphiQL view

Open cellis opened this issue 8 years ago • 5 comments

This change adds a getCSRFToken method that, if provided, can be invoked with the request to get a CSRF token, for example: req.csrfToken().

This is needed for securing the GraphiQL views (especially on production instances!). I'm using a modified version of this in development to allow my CSRF strategy to work. Let me know what you think!

cellis avatar Oct 19 '16 23:10 cellis
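
How a per-request `getCSRFToken` hook like the one described above can feed a GraphiQL page and be checked on the GraphQL endpoint, as an added example that is not code from this PR or from the library. `renderGraphiQL`, `verifyCSRF`, `toScriptLiteral` and the `X-CSRF-Token` header name are hypothetical; only `getCSRFToken` and `req.csrfToken()` come from the description.

```javascript
// Added example. Hypothetical names: renderGraphiQL, verifyCSRF, toScriptLiteral
// and the X-CSRF-Token header. Only getCSRFToken / req.csrfToken() are from the PR text.

// Serialize a value for an inline <script>. JSON.stringify alone would let a
// value containing "</script>" end the script element, so escape <, > and &.
function toScriptLiteral(value) {
  return JSON.stringify(value)
    .replace(/</g, '\\u003c')
    .replace(/>/g, '\\u003e')
    .replace(/&/g, '\\u0026');
}

// Build the GraphiQL page for one request. The token is tied to the caller's
// session, so the response must not be served from a shared cache.
function renderGraphiQL(req, options) {
  const token = typeof options.getCSRFToken === 'function'
    ? options.getCSRFToken(req)
    : null;
  const headers = { 'Content-Type': 'application/json' };
  if (token) headers['X-CSRF-Token'] = String(token);
  return [
    '<!DOCTYPE html><html><body><div id="graphiql"></div><script>',
    'var endpoint = ' + toScriptLiteral(options.endpointURL) + ';',
    'var headers = ' + toScriptLiteral(headers) + ';',
    'function graphQLFetcher(params) {',
    '  return fetch(endpoint, { method: "POST", headers: headers,',
    '    credentials: "same-origin", body: JSON.stringify(params) })',
    '    .then(function (r) { return r.json(); });',
    '}',
    '</script></body></html>',
  ].join('\n');
}

// Endpoint-side check: the header sent by the page must equal the token the
// server holds for this session. The loop avoids an early exit on mismatch.
function verifyCSRF(req, expectedToken) {
  const sent = String(req.headers['x-csrf-token'] || '');
  const expected = String(expectedToken || '');
  if (!expected || sent.length !== expected.length) return false;
  let diff = 0;
  for (let i = 0; i < expected.length; i++) {
    diff |= sent.charCodeAt(i) ^ expected.charCodeAt(i);
  }
  return diff === 0;
}
```

With a CSRF middleware that exposes `req.csrfToken()`, the option would be passed as `getCSRFToken: (req) => req.csrfToken()`.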

Thanks for the PR! Can you add support for the other frameworks too (koa, hapi)?

tothandras avatar Nov 18 '16 08:11 tothandras

@tothandras I'll look at these other frameworks soon.

cellis avatar Nov 21 '16 04:11 cellis

Any updates on this?

phra avatar Apr 24 '17 23:04 phra

@phra sorry for the delay. I don't have time to work on this anymore, as I've moved on to using another library. Perhaps someone else is interested in taking this to the finish line by implementing @tothandras' request to add koa and hapi support?

cellis avatar May 09 '17 17:05 cellis

@cellis which library are you using? I'm using this one right now.

phra avatar May 09 '17 18:05 phra