sihl icon indicating copy to clipboard operation
sihl copied to clipboard

Published 20 hours ago verified publisher icon oxidizing

Improve CSRF documentation and generation

Open aronerben opened this issue 3 years ago • 1 comments

  • ~Mention that the default __Host prefix only works with HTTPS, so testing on HTTP localhost with production won't work~
  • ~Change <input type="hidden" name="csrf" value=.../> to <input type="hidden" name="_csrf" value=.../> here~
  • [ ] Fix the admin UI CSRF name here to use the CSRF middleware parameter

aronerben avatar Jun 18 '21 12:06 aronerben

Update 20.12.2021:
First two TODOs are no longer relevant because the cookie the CSRF is stored in changed (1) and the input name is parameterized now (2).

aronerben avatar Dec 20 '21 17:12 aronerben