kubetail-org / edge-csrf

CSRF protection library for JavaScript that runs on the edge runtime (with Next.js, SvelteKit, Express, Node-HTTP integrations)
MIT License
148 stars 9 forks

Cross-domain CSRF support? #5

Open gouku opened 1 year ago

gouku commented 1 year ago

First, thanks for this project. I'd like to add cross-domain CSRF support. My use case is: domain a.com sends requests to domain api.b.com. Both a.com and api.b.com are Next.js projects (two different projects in separate repos). Is it possible to use edge-csrf to implement it?

Thanks!

amorey commented 1 year ago

CSRF protection is designed to prevent cross-domain requests, not enable them, so I don't think edge-csrf will be very helpful for your use case. To enable requests from a.com to api.b.com, you can implement CORS server-side at api.b.com.
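
A sketch of the server-side CORS policy suggested in the reply above, for api.b.com admitting only a.com. This is an added example, not part of the thread and not edge-csrf code; `handleCors`, the allowlists and the plain-object header format are assumptions chosen for illustration.

```javascript
// Added example. Origins, methods and header names are assumptions.
const ALLOWED_ORIGINS = new Set(['https://a.com']);
const ALLOWED_METHODS = ['GET', 'POST', 'OPTIONS'];
const ALLOWED_HEADERS = ['content-type', 'authorization'];
const SAFE_METHODS = new Set(['GET', 'HEAD', 'OPTIONS']);

const deny = () => ({ status: 403, headers: { Vary: 'Origin' }, passThrough: false });

// `method` is upper-case; `headers` is a plain object with lower-case keys.
// Returns { status, headers, passThrough }; when passThrough is true the
// route handler runs and `headers` are added to its response.
function handleCors(method, headers) {
  const origin = headers['origin'];
  const allowed = origin !== undefined && ALLOWED_ORIGINS.has(origin);
  // Echo only an exact allowlist match; never "*" or a blind reflection.
  // Vary: Origin keeps shared caches from mixing per-origin responses.
  const base = allowed
    ? { 'Access-Control-Allow-Origin': origin, Vary: 'Origin' }
    : { Vary: 'Origin' };

  const reqMethod = headers['access-control-request-method'];
  if (method === 'OPTIONS' && reqMethod !== undefined) {
    // Preflight: answer it here, do not run the route handler.
    const reqHeaders = (headers['access-control-request-headers'] || '')
      .split(',').map((h) => h.trim().toLowerCase()).filter(Boolean);
    const ok = allowed &&
      ALLOWED_METHODS.includes(reqMethod.toUpperCase()) &&
      reqHeaders.every((h) => ALLOWED_HEADERS.includes(h));
    if (!ok) return deny();
    return {
      status: 204,
      headers: {
        ...base,
        'Access-Control-Allow-Methods': ALLOWED_METHODS.join(', '),
        'Access-Control-Allow-Headers': ALLOWED_HEADERS.join(', '),
        'Access-Control-Max-Age': '600',
      },
      passThrough: false,
    };
  }

  // CORS only controls whether the browser lets the page read the response;
  // a "simple" cross-origin POST still reaches the server. Reject
  // state-changing requests that carry a non-allowlisted Origin.
  if (origin !== undefined && !allowed && !SAFE_METHODS.has(method)) return deny();

  return { status: 200, headers: base, passThrough: true };
}
```

Requests without an `Origin` header (for example server-to-server calls) pass through here, so authentication on api.b.com still has to stand on its own.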

jspm2013 commented 3 months ago

> First, thanks for this project. I'd like to add cross-domain CSRF support. My use case is: domain a.com sends requests to domain api.b.com. Both a.com and api.b.com are Next.js projects (two different projects in separate repos). Is it possible to use edge-csrf to implement it?
>
> Thanks!

@gouku have you managed to do it? I had the same issue and wonder how you solved it. Thanks, Sebastian

amorey commented 3 months ago

Can you be more specific about your use case?