Morgbn / nuxt-csurf

Nuxt Cross-Site Request Forgery (CSRF) Prevention
https://nuxt-csurf.vercel.app
MIT License

Add CSRF secret to the event context #29

Open juusopiikkila opened 6 months ago

juusopiikkila commented 6 months ago

Hi!

While 1.4.0 added the CSRF token to the event context, the secret should also be added.

I have a situation where I use urql and on the server side it doesn't see the secret cookie on the first request so it always fails.

With this I can get the secret key from the context and add it to the request when cookies are missing.

Morgbn commented 4 months ago

Hello! Thank you for your contribution; however, I don't fully understand the necessity to add the secret to the event context. Could you create a minimal repo demonstrating the problem you are facing?

juusopiikkila commented 4 months ago

Yeah, I was working on the repo and then I figured that I can just use const secret = useCookie('csrf') and get the secret that way, and it worked fine, so I guess this is unnecessary then.

juusopiikkila commented 4 months ago

Although when getting the secret from the cookie it's undefined on the first request. Here's the repo: https://github.com/juusopiikkila/nuxt-csurf-secret.
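
Added illustration, not part of the thread and not nuxt-csurf's own code: a simplified secret-cookie CSRF check showing why the secret is absent from the request on a first visit, so a server-side sub-request that only forwards incoming cookies fails. The HMAC scheme, the function names, the `csrfSecret` context field and the `csrf-token` header name are assumptions for the sketch; only the `csrf` cookie name comes from the thread.

```javascript
// Added illustration: a simplified secret-cookie CSRF scheme (HMAC stand-in,
// NOT nuxt-csurf's real implementation). All names here are hypothetical.
const crypto = require('node:crypto');

const COOKIE = 'csrf'; // cookie name taken from the thread's useCookie('csrf')

function parseCookies(header = '') {
  return Object.fromEntries(
    header.split(';').map(p => p.trim()).filter(Boolean).map(p => {
      const i = p.indexOf('=');
      return [p.slice(0, i), decodeURIComponent(p.slice(i + 1))];
    })
  );
}

const sign = (secret) =>
  crypto.createHmac('sha256', secret).update('csrf-token').digest('hex');

// Page render: reuse the secret from the request cookie, or mint one and
// queue it as Set-Cookie on the *response* (the request never contained it).
function handlePage(reqHeaders) {
  const fromCookie = parseCookies(reqHeaders.cookie)[COOKIE];
  const secret = fromCookie ?? crypto.randomBytes(16).toString('hex');
  return {
    cookieSeenInRequest: fromCookie, // undefined on a first visit
    context: { csrfToken: sign(secret), csrfSecret: secret },
    setCookie: fromCookie ? null : `${COOKIE}=${secret}; HttpOnly; SameSite=Strict`,
  };
}

// API check: the token header must match the secret carried in the Cookie header.
function verifyApi(reqHeaders) {
  const secret = parseCookies(reqHeaders.cookie)[COOKIE];
  const token = reqHeaders['csrf-token'];
  if (!secret || !token) return false;
  const a = Buffer.from(sign(secret)), b = Buffer.from(token);
  return a.length === b.length && crypto.timingSafeEqual(a, b);
}

// Constructed scenario: first visit, then a server-side sub-request during SSR.
function firstVisit() {
  const incoming = {}; // browser has no cookie yet
  const page = handlePage(incoming);
  const token = page.context.csrfToken;
  const forwardedOnly = verifyApi({ cookie: incoming.cookie, 'csrf-token': token });
  const withContextSecret = verifyApi({
    cookie: `${COOKIE}=${page.context.csrfSecret}`, 'csrf-token': token });
  return { cookieSeen: page.cookieSeenInRequest, forwardedOnly, withContextSecret };
}
```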