Closed CrowdHailer closed 5 years ago
@CrowdHailer what do you think about this?
https://github.com/gatherdigital/plug_rails_csrf_protection
- How and where the middleware should embed the token, and when in the stack it should verify the token.
- I think it's feasible to get rid of Plug using raxx; it maybe just needs Plug.Crypto as a dependency.
- Should the CSRF token be generated kind of like session/signed_cookie.ex does?
- Probably the CSRF middleware will need the CORS middleware…

Now, my thoughts are mostly due to my lack of deep knowledge of raxx; maybe you can shed some light on it.
We should match Phoenix behaviour, which is just a wrapper for Plug.CSRFProtection:
https://github.com/phoenixframework/phoenix/blob/d02621e106a9420167e7152f88f0cc4ab57a7785/lib/phoenix/controller.ex#L957-L959
Could be a separate project or part of a browser middleware lib.