blackfyre / wga

Jumping forward ~30 years
https://wga-uat.blackfyre.ninja/
MIT License
138 stars 12 forks

CSRF Tokens on forms #61

Open blackfyre opened 10 months ago

blackfyre commented 10 months ago

The title says it all...

blackfyre commented 5 months ago

CSRF tokens have to be implemented on non-API/non-Admin endpoints only.

sanjay-xdr commented 1 month ago

I noticed commented code related to adding a CSRF token in the files. Is there something wrong with the commented code, or should I proceed with it? Alternatively, is there another library you'd prefer to use for CSRF protection?

blackfyre commented 1 month ago

@sanjay-xdr Welcome aboard :)

You can join us over at discord if you want to chat about it in detail 😄

Apart from that, the original implementation broke more things than it resolved, so it was essentially suspended until someone could pick it up again.
There's no preference around packages apart from keeping them to a minimum (in number); they have to be maintained, and Echo compatibility might make one's life easier since PocketBase is built on top of it.
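The scoping stated earlier in the thread (tokens on form endpoints, none on the API or the admin UI) and the wish for something Echo-compatible both come down to a CSRF middleware with a path skipper. What follows is an added example, not code from the wga repository or from the suspended implementation mentioned above. It uses only Go's standard library instead of Echo's `middleware.CSRF` so it runs stand-alone; the `/api/` and `/_/` prefixes (PocketBase's REST API and admin UI paths), the `_csrf` cookie and form field names, and the `/contact` route are assumptions made for illustration.

```go
package main

import (
	"crypto/rand"
	"crypto/subtle"
	"encoding/base64"
	"fmt"
	"net/http"
	"strings"
)

const (
	csrfCookieName = "_csrf" // assumed name, not from the project
	csrfFormField  = "_csrf" // assumed name, not from the project
)

// Assumed (not from the issue): PocketBase serves its REST API under /api/ and
// the admin UI under /_/. Both are left to their own auth-token based
// protection, matching the "non-API/non-Admin endpoints only" scope.
var exemptPrefixes = []string{"/api/", "/_/"}

// isExempt is the equivalent of an Echo middleware Skipper: true means the
// request bypasses the CSRF check entirely.
func isExempt(path string) bool {
	for _, p := range exemptPrefixes {
		if strings.HasPrefix(path, p) {
			return true
		}
	}
	return false
}

// newToken returns 256 bits of randomness, URL-safe base64 encoded. The
// alphabet (A-Z, a-z, 0-9, -, _) is safe in both cookies and HTML attributes.
func newToken() (string, error) {
	b := make([]byte, 32)
	if _, err := rand.Read(b); err != nil {
		return "", err
	}
	return base64.RawURLEncoding.EncodeToString(b), nil
}

func tokenFromCookie(r *http.Request) string {
	c, err := r.Cookie(csrfCookieName)
	if err != nil {
		return ""
	}
	return c.Value
}

// csrfProtect is a double-submit-cookie middleware: safe methods receive a
// token cookie, unsafe methods on form endpoints must echo it back in the body.
func csrfProtect(next http.Handler) http.Handler {
	return http.HandlerFunc(func(w http.ResponseWriter, r *http.Request) {
		if isExempt(r.URL.Path) {
			next.ServeHTTP(w, r)
			return
		}
		switch r.Method {
		case http.MethodGet, http.MethodHead, http.MethodOptions, http.MethodTrace:
			if tokenFromCookie(r) == "" {
				tok, err := newToken()
				if err != nil {
					http.Error(w, "internal error", http.StatusInternalServerError)
					return
				}
				// Secure requires HTTPS in a real browser; HttpOnly is fine because
				// the server, not client-side script, embeds the token in the form.
				http.SetCookie(w, &http.Cookie{Name: csrfCookieName, Value: tok, Path: "/",
					HttpOnly: true, Secure: true, SameSite: http.SameSiteLaxMode})
				// Make the fresh token visible to the page handler on this same request.
				r.AddCookie(&http.Cookie{Name: csrfCookieName, Value: tok})
			}
			next.ServeHTTP(w, r)
		default:
			expected := tokenFromCookie(r)
			got := r.PostFormValue(csrfFormField)
			// Constant-time compare; reject when either side is missing.
			if expected == "" || got == "" ||
				subtle.ConstantTimeCompare([]byte(expected), []byte(got)) != 1 {
				http.Error(w, "invalid CSRF token", http.StatusForbidden)
				return
			}
			next.ServeHTTP(w, r)
		}
	})
}

// newApp wires a public form route (protected) and an API route (exempt).
func newApp() http.Handler {
	mux := http.NewServeMux()
	mux.HandleFunc("/contact", func(w http.ResponseWriter, r *http.Request) {
		if r.Method == http.MethodPost {
			w.WriteHeader(http.StatusAccepted)
			fmt.Fprint(w, "thanks")
			return
		}
		// The token is embedded as a hidden field; its alphabet needs no escaping.
		fmt.Fprintf(w, `<form method="post" action="/contact">`+
			`<input type="hidden" name="%s" value="%s"><button>Send</button></form>`,
			csrfFormField, tokenFromCookie(r))
	})
	mux.HandleFunc("/api/collections/posts/records", func(w http.ResponseWriter, r *http.Request) {
		w.WriteHeader(http.StatusCreated) // assumed API route, exempt from CSRF
	})
	return csrfProtect(mux)
}

func main() {
	_ = http.ListenAndServe(":8080", newApp())
}
```

With Echo, `isExempt` maps directly onto the `Skipper` field of `middleware.CSRFConfig`, so the same scoping carries over without a second library. One caveat of the plain double-submit pattern: any origin that can set cookies for the site's domain (for example a compromised subdomain) can plant a matching pair, so binding the cookie to the session or signing it with a server key is the usual hardening step.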

christiankozalla commented 3 weeks ago

I've added a pull request for this issue: https://github.com/blackfyre/wga/pull/132

But it's still a work in progress.