Closed genu closed 2 months ago
Hey Buddy,
Thanks for reporting this idea!
I wonder how it could be implemented. I think that it could be delivered by the usage of the enabled
flag as an addition to the built in composables.
Would you like it to work for CSRF only or for anything else as well?
For me, csrf is what I want to deal with, but I think similar situations can occur for any feature that adds auto imports.
I just checked the source code and tried few things and it seems to me that implementing this wont be easy.
CSRF support comes from an external module nuxt-csurf. Because of that, I do not have control over the auto import process.
Maybe the better option would be to submit an issue in https://github.com/morgbn/nuxt-csurf and then, I could upgrade the version of this module so that it will be accessible for all Nuxt Security users?
Looks like this was fixed upstream :)
Awesome, I will add it for the 1.3.0 plan :)
Is your feature request related to a problem? Please describe.
When doing local development, its often easier to disable some of the security features to speed up development. For example, I want to disable CSRF when I'm developing because I don't have to do a page refresh whenever I make changes to the server (changing the server causes a rebuild which produces a different CSRF token)
The current behavior is that when you set
csrf: false
it also seems to remove the autoimports for theuseCsrf()
composable, which produces errors. The same thing happens when settingenabled: false
Describe the solution you'd like
I want to be able to disable features in the config without breaking the application or requiring me to update/change code.