
Extensible CSRF handling

Open 3noch opened this issue 8 years ago • 2 comments

Several issues can be solved with an extensible method for handling CSRF. For example, #30, #53, #10, #51.

3noch avatar Aug 09 '17 16:08 3noch

Another 'requirement': #71

I hope we can make it extensible by separating concerns instead of introducing hooks, overriding flags, etc. Maybe we can delegate all XSRF logic to a record of functions that is part of the configuration. That seems quite flexible without too many bells and whistles.

roberth avatar Nov 23 '17 17:11 roberth
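
One shape the "record of functions" idea from the comment above could take, as an added sketch that is not servant-auth's API and not code from any participant in this thread. All type and function names, the choice of a double-submit policy, and the sample cookie and header values are assumptions made for illustration.

```haskell
-- Added sketch: every name below is hypothetical, none of it is servant-auth's API.
module Main where

-- Minimal stand-in for a request (constructed for this example).
data Req = Req
  { reqMethod  :: String
  , reqHeaders :: [(String, String)]
  , reqCookies :: [(String, String)]
  }

-- All XSRF behaviour lives in one record supplied by the application.
data XsrfHandlers = XsrfHandlers
  { xsrfExempt :: Req -> Bool  -- requests that skip the check
  , xsrfVerify :: Req -> Bool  -- whether a non-exempt request passes
  }

newtype AuthConfig = AuthConfig { cfgXsrf :: XsrfHandlers }

-- One possible policy: the header value must equal the cookie value.
-- String (==) is not constant-time; production code would use a constant-time compare.
doubleSubmit :: String -> String -> XsrfHandlers
doubleSubmit cookieName headerName = XsrfHandlers
  { xsrfExempt = \r -> reqMethod r `elem` ["GET", "HEAD", "OPTIONS"]
  , xsrfVerify = \r ->
      case (lookup cookieName (reqCookies r), lookup headerName (reqHeaders r)) of
        (Just c, Just h) -> not (null c) && c == h
        _                -> False
  }

-- Policy that performs no token check, for deployments protected some other way.
noXsrf :: XsrfHandlers
noXsrf = XsrfHandlers { xsrfExempt = const True, xsrfVerify = const True }

-- The auth layer only consults the record; it carries no XSRF logic of its own.
xsrfOk :: AuthConfig -> Req -> Bool
xsrfOk (AuthConfig h) r = xsrfExempt h r || xsrfVerify h r

main :: IO ()
main = do
  let cfg  = AuthConfig (doubleSubmit "XSRF-TOKEN" "X-XSRF-TOKEN")
      good = Req "POST" [("X-XSRF-TOKEN", "abc")] [("XSRF-TOKEN", "abc")]
      bad  = Req "POST" [] [("XSRF-TOKEN", "abc")]
  print (map (xsrfOk cfg) [good, bad])
  print (xsrfOk (AuthConfig noXsrf) bad)
```

Swapping `doubleSubmit` for `noXsrf` or any other record value changes the policy without touching `xsrfOk`, which is the separation of concerns the comment asks for.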

I'm for removing CSRF protection now that 94% of web users can be protected against CSRF with a simple cookie flag.

The current CSRF is inflexible, buggy and annoying to work with.

(please comment here if you're using CSRF and the cookie method won't help you protect)

domenkozar avatar Dec 16 '20 21:12 domenkozar