Open juusopiikkila opened 6 months ago
Hello ! thank you for your contribution however, I don't fully understand the necessity to add the secret to the event context. Could you create a minimal repo, demonstrating the problem you are facing?
Yeah I was working on the repo and then I figured that I can just use const secret = useCookie('csrf')
and get the secret that way and it worked fine so I guess this is unnecessary then.
Although when getting the secret from the cookie it's undefined on the first request. Here's the repo: https://github.com/juusopiikkila/nuxt-csurf-secret.
Hi!
While 1.4.0 added the CSRF token to the event context, the secret should also be added.
I have a situation where I use urql and on the server side it doesn't see the secret cookie on the first request so it always fails.
With this I can get the secret key from the context and add it the to request when cookies are missing.