koajs / csrf

CSRF tokens for koa
MIT License

change .csrf from a getter to a yieldable #11

Closed jonathanong closed 7 years ago

jonathanong commented 10 years ago

unlike express, we create the secret only when we need to, to avoid setting cookies and updating sessions unnecessarily. however, this means with a getter, we do so synchronously.

how about changing the api to:

var csrf = yield this.csrf()

and optionally get it synchronously:

var csrf = this.csrfToken
// or without a getter
var csrf = this.csrfSync()

another breaking change, but i think it's for the better. unless we make the dev set the secret themselves, which would be kind of annoying.

jonathanong commented 8 years ago

doesn't matter anymore because crypto.randomBytes() has no benefits of being called async

dantman commented 8 years ago

may matter in regards to #9 if someone knows of session middleware that is async

stephenmathieson commented 7 years ago

@jonathanong I don't see any reason to make this change. Cool if I close?

jonathanong commented 7 years ago

@stephenmathieson agreed!
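
The lazy, synchronous getter discussed in this thread can be sketched as follows. This is an added example, not koa-csrf's own code: it creates the session secret only on the first read of `.csrf`, so requests that never ask for a token leave the session untouched. `attachCsrf`, `tokenFor`, `verify`, the `session.secret` field and the salt-plus-HMAC token format are all assumptions made for illustration.

```javascript
// Added example; names and token format are hypothetical, not the project's API.
const crypto = require('crypto');

// Token = salt + '-' + HMAC-SHA256(secret, salt); the secret itself stays in the session.
function tokenFor(secret, salt) {
  const mac = crypto.createHmac('sha256', secret).update(salt).digest('hex');
  return salt + '-' + mac;
}

// Define a lazy `csrf` getter on a koa-like context object ({ session: {} }).
function attachCsrf(ctx) {
  Object.defineProperty(ctx, 'csrf', {
    configurable: true,
    get() {
      // Secret is generated synchronously, and only on first access.
      if (!ctx.session.secret) {
        ctx.session.secret = crypto.randomBytes(18).toString('hex');
      }
      // Fresh salt per read, so every rendered form gets a different token.
      const salt = crypto.randomBytes(8).toString('hex');
      return tokenFor(ctx.session.secret, salt);
    }
  });
  return ctx;
}

// Recompute the MAC from the token's salt and compare in constant time.
function verify(ctx, token) {
  const secret = ctx.session.secret;
  if (!secret || typeof token !== 'string') return false;
  const i = token.indexOf('-');
  if (i < 1) return false;
  const expected = Buffer.from(tokenFor(secret, token.slice(0, i)));
  const given = Buffer.from(token);
  return expected.length === given.length &&
    crypto.timingSafeEqual(expected, given);
}

{
  // Constructed sample contexts standing in for two requests.
  const untouched = attachCsrf({ session: {} });
  const form = attachCsrf({ session: {} });
  const token = form.csrf;
  console.log(Object.keys(untouched.session).length, verify(form, token));
}
```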