Closed ochowie closed 7 years ago
@ochowie the CSRF support is through finagle-http and not in Finatra, since Finatra v2.x focuses on API services and not as much on front-end UIs. There is no concept of session support in this version of Finatra. Please see the documentation for more information.
https://twitter.github.io/finatra/user-guide/
Specifically:
The version of Finatra documented here is version 2.x. Version 2.x is a complete rewrite over v1.x and as such many things are different.
For high-level information about the changes from v1.x see the blog post here: https://blog.twitter.com/2015/finatra-20-the-fast-testable-scala-services-framework-that-powers-twitter
Thanks!
@cacoco You mention:
the CSRF support is through finagle-http
Could you please provide hints on how to do it (with finagle-http) or the documentation link where the finagle docs explain anything about CSRF token protection?
@milnomada see the Cors filter in finagle-http. Thanks!
Hi @cacoco, I couldn't see anything CSRF related in there. Do you know if it has moved elsewhere?
@lpil there's nothing specific in our stack for generating CSRF tokens if that's the question, only for helping negotiate CORS policy (which should be helpful for mitigation).
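An added example, not part of the thread and not code from finagle or Finatra: the finagle-http `Cors` filter mentioned above configured with an origin allow-list, composed with a hand-written `Origin` check on state-changing requests. The origin `https://app.example.com`, the header list and the names `CsrfMitigation`, `OriginCheckFilter` and `protect` are assumptions made for illustration.

```scala
import com.twitter.finagle.{Service, SimpleFilter}
import com.twitter.finagle.http.{Method, Request, Response, Status}
import com.twitter.finagle.http.filter.Cors
import com.twitter.util.Future

object CsrfMitigation {
  // Assumption: the only browser origin that may call this API.
  val AllowedOrigins: Set[String] = Set("https://app.example.com")
  // Assumption: request headers the front end is allowed to send cross-origin.
  val AllowedHeaders: Set[String] = Set("content-type", "x-requested-with")

  // CORS policy for finagle-http's Cors.HttpFilter: the Origin is echoed back
  // only when allow-listed, never "*", so credentialed responses stay
  // unreadable to other sites.
  val policy: Cors.Policy = Cors.Policy(
    allowsOrigin = origin => if (AllowedOrigins(origin)) Some(origin) else None,
    allowsMethods = _ => Some(Seq("GET", "POST", "PUT", "DELETE")),
    allowsHeaders = requested =>
      Some(requested.filter(h => AllowedHeaders(h.toLowerCase))),
    supportsCredentials = true
  )

  // Hypothetical filter (not in finagle): CORS only controls what a browser
  // lets another site read, so state-changing requests are additionally
  // rejected unless their Origin header is allow-listed.
  class OriginCheckFilter extends SimpleFilter[Request, Response] {
    private val safeMethods = Set(Method.Get, Method.Head, Method.Options)

    def apply(req: Request, service: Service[Request, Response]): Future[Response] = {
      val originOk = req.headerMap.get("Origin").exists(AllowedOrigins)
      if (safeMethods(req.method) || originOk) service(req)
      // A missing Origin is rejected too; non-browser clients would need
      // a separate, authenticated path.
      else Future.value(Response(Status.Forbidden))
    }
  }

  // CORS negotiation runs first (it answers preflight OPTIONS requests),
  // then the Origin check, then the wrapped service.
  def protect(service: Service[Request, Response]): Service[Request, Response] =
    new Cors.HttpFilter(policy) andThen new OriginCheckFilter andThen service
}
```

This does not generate or validate CSRF tokens; a token scheme would still have to be written by the application.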
Need documentation on sessions and CSRF support. It seems like it was present at one point but got removed in version 2.x.