next-csrf

Explain implementation

Open j0lvera opened this issue 4 years ago • 2 comments

j0lvera, Jun 29 '20 02:06

I'm still a web dev newbie, so this might be a dumb question, but if tokens are set in the middleware for requests that don't have them, how then are CSRF attacks mitigated?

Esarhaddon, Aug 21 '20 03:08

@Esarhaddon it's not a dumb question at all. Actually, it's a very valid question, and there was a bug allowing unprotected API routes to provide CSRF tokens.

I'm working on a PR to fix that.

Thanks for the heads up!

j0lvera, Sep 15 '20 20:09
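An added example, not next-csrf's code and not part of the thread: a minimal double-submit-cookie check showing why a middleware that mints a token for a request lacking one and then handles that request anyway protects nothing, beside a version that rejects it. All names here (`issueToken`, `lenientCheck`, `strictCheck`, the `csrf` cookie, the `x-csrf-token` header) and the sample requests are assumptions constructed for illustration.

```javascript
// Added illustration; hypothetical names, not next-csrf's implementation.
const rng = globalThis.crypto ?? require('node:crypto').webcrypto;

// Mint a random 128-bit token, hex encoded, for the double-submit cookie.
function issueToken() {
  const bytes = rng.getRandomValues(new Uint8Array(16));
  return Array.from(bytes, (b) => b.toString(16).padStart(2, '0')).join('');
}

// Compare two tokens without stopping at the first differing character.
function sameToken(a, b) {
  if (typeof a !== 'string' || typeof b !== 'string') return false;
  if (a.length === 0 || a.length !== b.length) return false;
  let diff = 0;
  for (let i = 0; i < a.length; i++) diff |= a.charCodeAt(i) ^ b.charCodeAt(i);
  return diff === 0;
}

const SAFE_METHODS = new Set(['GET', 'HEAD', 'OPTIONS']);

// Flawed: a request with no token cookie gets one minted and is allowed through,
// so a forged cross-site POST from a fresh session is accepted.
function lenientCheck(req) {
  if (!req.cookies.csrf) return { allowed: true, setCookie: issueToken() };
  const ok = sameToken(req.cookies.csrf, req.headers['x-csrf-token']);
  return { allowed: SAFE_METHODS.has(req.method) || ok };
}

// Hardened: tokens are minted only on safe (read-only) requests; every
// state-changing request must echo the cookie value in a header, or it is rejected.
function strictCheck(req) {
  if (SAFE_METHODS.has(req.method)) {
    return { allowed: true, setCookie: req.cookies.csrf ? undefined : issueToken() };
  }
  return { allowed: sameToken(req.cookies.csrf, req.headers['x-csrf-token']) };
}

// Constructed sample requests.
const token = issueToken();
const forgedNoCookie = { method: 'POST', cookies: {}, headers: {} };
const forgedWithCookie = { method: 'POST', cookies: { csrf: token }, headers: {} };
const legitPost = { method: 'POST', cookies: { csrf: token }, headers: { 'x-csrf-token': token } };

console.log('lenient, forged:', lenientCheck(forgedNoCookie).allowed);
console.log('strict, forged:', strictCheck(forgedNoCookie).allowed);
console.log('strict, legit:', strictCheck(legitPost).allowed);
```

The browser attaches the cookie to a cross-site request automatically, but the page that triggered it cannot read the cookie to fill in the header, which is why only the header comparison carries the protection.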