Closed shenburak closed 6 years ago
@dougwilson there is no csrf cookie when user has not logged in to the site before for example, apollo client does not add a cookie when querying on the server side, which leads to glitches if the cookie value can be obtained from req.csrfCookie this problem is solved
Hi @Qeneke I'm still not understanding. What you're describing is how CSRF protection works: without the cookie it is not supposed to work at all. The cookie must be set in order to get past the protection.
@dougwilson yes cookie must be set in order to get past the protection.but if the server-side query does not find a cookie, this value can be assigned to the cookie by the query tool
I'm not sure I understand. Perhaps if can you add an example of how to use this feature in the README, documentation for this feature to the README, and tests for the feature in the test suite? Perhaps that would help clarify to me (and of course to all other users) what the feature is, does, and how to use it :+1:
sorry i do not have time for it. there is a problem with server-side queries (especially apollo client) and the solution is possible in this way.
When there is no cookie, req.csrfCookie is added to handle only the server side of the specific function without using a cookie