Paul Frazee
Paul Frazee
Whoops yeah, looks like the docs are wrong on that. I'll correct it in a moment. Your usage *looks* correct to me. Here's the relevant test: https://github.com/beakerbrowser/hashbase/blob/master/test/users.js#L264
Oh brother- right, I forgot about that. That's a pain for you! You may have the right solution but I'll see if there's something cleaner that we can do. I'd...
@Pr0x1m4 Based on the csurf's readme, it looks like you can pass the token as `{_csrf:}` in the body. See https://github.com/expressjs/csurf#value. That might be easier. Extracting the token from the...
 Whoops JK. Will look around for better options.
According to https://github.com/pillarjs/understanding-csrf, if we disable CORS on effectful methods and and only accept JSON on those same methods, then we don't need CRSF. So, one option would be to...
That would make sense. We need to double check that the hashbase frontend would still work. Action items: - [x] Disable CORS *and* disable urlencoded submissions to the API routes...
Ok, going to deploy the update on the live service. LMK if everything is 👍
Hi Don! I'm not currently seeing any differences but I dont have any trouble believing that's happened. Hashbase has been suffering some reliability issues because the architecture hit its scaling...
❤️ Appreciate the kind words!
Yeah we could do that. Maybe as a config option.