grape-swagger-rails

CSRF prevention tokens in cookies

Open dan-corneanu opened this issue 9 years ago • 1 comments

Hi, my grape APIs are protected against CSRF through an X-CSRF-Token request header. The value that has to go into this header is sent by the server to clients through a cookie.

Is there a way to customise grape-swagger-rails to add this header to every request? Ex.

xhr.setRequestHeader('X-CSRF-Token', $.cookie('CSRF-Token'))

dan-corneanu, Jun 19 '15 08:06

I think this will need a bit of work, see how things are added to the request here: https://github.com/TinkerDev/grape-swagger-rails/blob/master/app/views/grape_swagger_rails/application/index.html.erb#L49.

dblock, Jun 19 '15 14:06
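The cookie-to-header step asked about in this issue, as an added example that is not part of the thread and not grape-swagger-rails code. The helper names `readCookie` and `csrfHeaderFor` are hypothetical, the cookie and header names are the ones from the issue, and the same-origin restriction is an assumption added so the token is never attached to a request for another host.

```javascript
// Cookie and header names as given in the issue.
const CSRF_COOKIE = 'CSRF-Token';
const CSRF_HEADER = 'X-CSRF-Token';

// Parse a document.cookie-style string ("a=1; b=2") and return the decoded
// value of one cookie, or null if it is absent. Names are matched exactly,
// so "XCSRF-Token" does not satisfy a lookup for "CSRF-Token".
function readCookie(cookieString, name) {
  for (const part of String(cookieString || '').split(';')) {
    const eq = part.indexOf('=');
    if (eq === -1) continue;
    if (part.slice(0, eq).trim() !== name) continue;
    const raw = part.slice(eq + 1).trim();
    try {
      return decodeURIComponent(raw);
    } catch (e) {
      return raw; // malformed percent-encoding: fall back to the raw value
    }
  }
  return null;
}

// Return the extra headers for one request. The token is attached only when
// the target resolves to the page's own origin (assumption of this example).
function csrfHeaderFor(url, pageOrigin, cookieString) {
  const target = new URL(url, pageOrigin); // resolves relative URLs
  if (target.origin !== new URL(pageOrigin).origin) return {};
  const token = readCookie(cookieString, CSRF_COOKIE);
  return token ? { [CSRF_HEADER]: token } : {};
}

// Constructed sample input (not from the issue).
const sampleCookies = 'theme=dark; CSRF-Token=abc%2F123%3D; other=1';
console.log(csrfHeaderFor('/api/v1/items', 'https://app.example', sampleCookies));

// In a browser, the per-request hook would do something like:
//   const extra = csrfHeaderFor(requestUrl, location.origin, document.cookie);
//   for (const [k, v] of Object.entries(extra)) xhr.setRequestHeader(k, v);
```

The cookie must be set without the `HttpOnly` attribute, otherwise `document.cookie` will not expose it to the page script.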