Baroshem / nuxt-security

🛡 Automatically configure your app to follow OWASP security patterns and principles by using HTTP Headers and Middleware
https://nuxt-security.vercel.app/
MIT License
737 stars 56 forks

CSRF per route #469

Closed moshetanzer closed 3 weeks ago

moshetanzer commented 3 weeks ago

Hi,

Love your library.

Can you have CSRF enabled globally and disable it per route (e.g., for logout endpoints, etc.)?

This doesn't work:


'/api/auth/logout': {
  security: {
    csrf: false
  }
}

vejja commented 3 weeks ago

Hi @moshetanzer, under the hood we use the Nuxt-Csurf module by @Morgbn, which has route-level support, so I think it should be available under its native csurf option key. Could you try to do:

'/api/auth/logout': {
  csurf: false
}

And let me know if it works?

moshetanzer commented 3 weeks ago

Yip, suspected that 😄. Should I add a PR to the docs or to the codebase?

Thanks

vejja commented 3 weeks ago

Yes please, that would be wonderful! Thanks

Baroshem commented 3 weeks ago

Thanks guys!