Morgbn / nuxt-csurf

Nuxt Cross-Site Request Forgery (CSRF) Prevention
https://nuxt-csurf.vercel.app
MIT License

Can I refresh csrf token after failed request? #14

Closed bayramorhan closed 11 months ago

bayramorhan commented 1 year ago

It works perfectly the first time the request is sent.

useCsrfFetch("/api/signup", {
    method: "POST",
    // remaining options were not included in the original post
});

But it throws a CSRF Token Mismatch error after sending the request a second time (with the same CSRF token). How do I refresh the CSRF token for the second request?

Morgbn commented 11 months ago

Can you please provide a reproduction link?

ndianabasi commented 11 months ago

If you redirect the user (via the server) back to the current page, this should help, assuming you are doing server-side rendering.

yapengsoft commented 10 months ago

If your interface follows the same-origin policy with a cookie mechanism, then after the first successful request the server regenerates the CSRF token and sets it in the response header with "Set-Cookie".

If your interface employs a cross-origin policy, using the browser OPTIONS mechanism, the server generates the CSRF token and includes it in the response header with "Set-Cookie" when handling the OPTIONS request.
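
The token rotation described in the last comment, as an added example that is not part of the original thread and is not nuxt-csurf's own code: a constructed in-memory server rotates the CSRF token after every accepted request, and two clients show why reusing the first token gives a mismatch on the second request while re-reading the token from each response does not. The names `handlePost`, `issueToken`, `makeClient`, the `csrf` cookie name and the per-request rotation itself are assumptions made for the illustration.

```javascript
// Added illustration (not nuxt-csurf code): constructed in-memory server that
// rotates a per-session CSRF token after every accepted request.
const nodeCrypto = require("node:crypto");

const sessions = new Map(); // sessionId -> token the server currently accepts

function issueToken(sessionId) {
  const token = nodeCrypto.randomBytes(32).toString("hex");
  sessions.set(sessionId, token);
  return token;
}

// Hypothetical handler: validate the submitted token in constant time, then
// rotate it and hand the replacement back in a Set-Cookie header.
function handlePost(sessionId, headerToken) {
  const expected = Buffer.from(sessions.get(sessionId) || "");
  const got = Buffer.from(String(headerToken || ""));
  const ok = expected.length > 0 && expected.length === got.length &&
    nodeCrypto.timingSafeEqual(expected, got);
  if (!ok) return { status: 403, body: "CSRF Token Mismatch", headers: {} };
  const next = issueToken(sessionId); // the token just used is now invalid
  return {
    status: 200,
    body: "ok",
    headers: { "set-cookie": `csrf=${next}; Path=/; SameSite=Strict` },
  };
}

// Client factory: with refresh=true it picks up the rotated token from each
// response; with refresh=false it keeps sending the token it started with.
function makeClient(sessionId, initialToken, { refresh }) {
  let token = initialToken;
  return function post() {
    const res = handlePost(sessionId, token);
    const m = /(?:^|;\s*)csrf=([0-9a-f]+)/.exec(res.headers["set-cookie"] || "");
    if (refresh && m) token = m[1];
    return res.status;
  };
}

function demo() {
  const stale = makeClient("s1", issueToken("s1"), { refresh: false });
  const fresh = makeClient("s2", issueToken("s2"), { refresh: true });
  return { stale: [stale(), stale()], fresh: [fresh(), fresh(), fresh()] };
}

console.log(demo()); // stale client: 200 then 403; refreshing client: 200 each time
```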