search

cheatcode / joystick

A full-stack JavaScript framework for building stable, easy-to-maintain apps and websites.
https://cheatcode.co/joystick
Other
209 stars 11 forks source link

When no database is marked as sessions: true, disable CSRF protection on getters/setters #363

Closed rglover closed 2 months ago

rglover commented 10 months ago

This is a bit confusing on a new app. It shouldn't be required, but easily switched on.

rglover commented 2 months ago

This is done but in reverse. I check if we have a registered sessions database before validating any CSRF token.