CSRF protection #59
Comments
|
@mdahlstrand or @adamkdean: perhaps have a look at integrating https://www.npmjs.com/package/csurf Unsure which of you has the most time to burn at the moment, please pick it up if you're able! |
|
I will be looking at this ticket soon. 🎟 |
|
What's the status on this? @adamkdean do you need a ✋ ? |
|
@eduardoboucas I believe I added the CSRF token to the view model, but the validation of the token is still pending. If you have the time to pick this up then that'd be greatly appreciated! Thanks! |
|
BUMP on this. You seem real close @adamkdean? |
|
Ah, this hasn't been picked up? I'll find some time this week or next and get this finished. |
|
Many thanks! Some docs would be the icing on the cake too 🍰 https://github.com/dadi/docs/blob/new/docs/web.md#csrf-tokens |
|
I do like 🍰. I'll get you some docs as well. 🙇 |
|
@abovebored take a look and let me know what you think. Have updated the docs also. 🍰 😋 🔏 |
A middleware based approach (using https://github.com/pillarjs/csrf) exposing the CSRF token to the templating layer through a global property or helper.
The text was updated successfully, but these errors were encountered: