Pass CSRF token directly as configuration, don't rely on presence of cookie or hidden input

Stormbase / django-otp-webauthn

Passkey support for Django. Currently in early stages of development and not ready for production use!

BSD 3-Clause "New" or "Revised" License

10 stars 2 forks source link

Pass CSRF token directly as configuration, don't rely on presence of cookie or hidden input #15

Closed nijel closed 1 month ago

nijel commented 1 month ago

This works if I manually modify JavaScript, but I have no knowledge of typescript, so there might be something missing.

Fixes #14

Stormheg commented 1 month ago

@nijel while reviewing this PR the thought occurred to me: why don't we pass the token directly as configuration? Avoids the need to go looking for it in different places and it assures the token is always available.

What do you think? I've pushed a commit to your branch that implements this.

nijel commented 1 month ago

Great idea. That avoids dependency on the Django configuration and page content.