krakenjs / jwt-csrf

Stateless CSRF protection using jsonwebtoken (JWT)

exclude urls from client package #12

Open akhilbhardwaj23 opened 7 years ago

akhilbhardwaj23 commented 7 years ago

I have tried to fix the following issue - https://github.com/krakenjs/jwt-csrf/issues/11

The idea is to allow for an exclusion list while patching the xhr requests with the client package. Not all outgoing requests need the custom csrf headers. Some requests could be going to another server and I don't want to expose this header in those situations. Also, in the case of CORS requests, when the client package tries to look for the custom header the browser throws an error due to the way CORS works. It does not allow reading the custom header. There is an extra http call for OPTIONS too, which could be avoided.

I have reused the server side exclusion logic and extracted it out in a helper function which can be used in both client and server packages.
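An added sketch of the approach described in this pull request (not code from the PR or from jwt-csrf): one exclusion helper shared by client and server, and an XHR patch that attaches the token header only when the request is not excluded. The header name `x-csrf-jwt`, the rule format, the function names and the `.example` hosts are assumptions, and always skipping cross-origin requests goes beyond the exclusion list the PR proposes.

```javascript
// Added example; every name here is hypothetical, not jwt-csrf's API.
const CSRF_HEADER = 'x-csrf-jwt'; // assumed header name

// Shared helper, usable by the server middleware and the client patch.
// A rule is an exact path string or a RegExp tested against the path.
function isExcluded(path, rules) {
  return rules.some((rule) =>
    rule instanceof RegExp ? rule.test(path) : rule === path);
}

// Decide whether an outgoing request should carry the CSRF token.
function shouldAttachToken(requestUrl, pageOrigin, rules) {
  let target;
  try {
    // Resolves relative and protocol-relative URLs against the page origin.
    target = new URL(requestUrl, pageOrigin);
  } catch (err) {
    return false; // unparseable URL: fail closed, never send the token
  }
  // Another server never needs the token, and a custom header there
  // would also trigger a CORS preflight (OPTIONS) request.
  if (target.origin !== new URL(pageOrigin).origin) return false;
  return !isExcluded(target.pathname, rules);
}

// Patch an XHR-like constructor so send() adds the header only when allowed.
function patchXhr(XhrCtor, getToken, pageOrigin, rules) {
  const origOpen = XhrCtor.prototype.open;
  const origSend = XhrCtor.prototype.send;
  XhrCtor.prototype.open = function (method, url, ...rest) {
    this._attachCsrf = shouldAttachToken(String(url), pageOrigin, rules);
    return origOpen.call(this, method, url, ...rest);
  };
  XhrCtor.prototype.send = function (body) {
    if (this._attachCsrf) this.setRequestHeader(CSRF_HEADER, getToken());
    return origSend.call(this, body);
  };
}
```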

bluepnume commented 5 years ago

Hello all.

This module is no longer being actively maintained as part of the krakenjs org. We will likely be closing this repo. If you want to take ownership of the repo and maintain it going forwards, please reach out to me.