webauthn-spring-boot-starter

Support csrf tokens for the post endpoints

Open mihaita-tinta opened this issue 3 years ago • 0 comments

We can customize the csrf repo to expose the token and send it from the browser:

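```java
// Store the CSRF token in a cookie that page JavaScript can read (HttpOnly disabled)
http.csrf().csrfTokenRepository(CookieCsrfTokenRepository.withHttpOnlyFalse());
```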

The fetch options should include the header with the cookie value:

```html
<script type="module">

  let registrationElement = document.querySelector('webauthn-registration');
  registrationElement.registrationStartUrl = "/registration/start";
  registrationElement.registrationFinishUrl = "/registration/finish";
  // Read the XSRF-TOKEN cookie value (empty string when the cookie is not set)
  const csrf = ('; '+document.cookie).split(`; XSRF-TOKEN=`).pop().split(';')[0];
  console.log('headers:', registrationElement.fetchOptions);
  // Keep the component's existing options and headers, and add the CSRF header
  registrationElement.fetchOptions = {
    ...registrationElement.fetchOptions,
    headers: {
      ...registrationElement.fetchOptions.headers,
      'X-XSRF-TOKEN': csrf
    }
  };
//...
</script>
```

mihaita-tinta · Sep 03 '21 06:09
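
The cookie-to-header exchange from the issue above, as an added example that is not part of the original issue or the project's code. `readCookie`, `withCsrfHeader` and `serverAccepts` are hypothetical names, the cookie values are constructed, and the server check is a simplified model of the comparison, not Spring Security's implementation.

```javascript
// Added example: simplified model of the cookie-to-header CSRF exchange.
// Sample cookie strings below are constructed, not captured traffic.
const CSRF_COOKIE = 'XSRF-TOKEN';    // cookie name used in the issue's snippet
const CSRF_HEADER = 'X-XSRF-TOKEN';  // header name used in the issue's snippet

// Extract one cookie value from a document.cookie-style string; '' when absent.
// Matching on the exact name avoids picking up e.g. MY-XSRF-TOKEN.
function readCookie(cookieString, name) {
  for (const part of cookieString.split(';')) {
    const eq = part.indexOf('=');
    if (eq === -1) continue;
    if (part.slice(0, eq).trim() === name) {
      return decodeURIComponent(part.slice(eq + 1).trim());
    }
  }
  return '';
}

// Client side: merge the token into existing fetch options without dropping
// headers already set; leave the header out entirely when no cookie exists.
function withCsrfHeader(fetchOptions, cookieString) {
  const token = readCookie(cookieString, CSRF_COOKIE);
  const headers = { ...(fetchOptions && fetchOptions.headers) };
  if (token) headers[CSRF_HEADER] = token;
  return { ...fetchOptions, headers };
}

// Server side (model only): a state-changing request passes when the header
// repeats the cookie value. Another origin can make the browser send the
// cookie but cannot read it to fill in the header.
function serverAccepts(method, cookieString, headers) {
  if (['GET', 'HEAD', 'OPTIONS', 'TRACE'].includes(method)) return true;
  const expected = readCookie(cookieString, CSRF_COOKIE);
  const actual = (headers && headers[CSRF_HEADER]) || '';
  return expected !== '' && expected === actual;
}

// Constructed sample values.
const cookies = 'JSESSIONID=abc123; XSRF-TOKEN=0f8fad5b-d9cb-469f-a165-70867728950e';
const opts = withCsrfHeader({ headers: { 'Content-Type': 'application/json' } }, cookies);
console.log(serverAccepts('POST', cookies, opts.headers)); // true
console.log(serverAccepts('POST', cookies, {}));           // false
```

A real server should compare the two values in constant time; the plain `===` here only keeps the model short.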