How do we validate POST endpoint requests that have JSON payload? #114

asuraphel · 2022-10-03T16:27:15Z

asuraphel
Oct 3, 2022

ValidateFormSubmission reads the CSRF token from formData. I agree that preventing CSRF is a great idea but shouldn't it be a different concern just like Django does it( allows you to opt out with the decorator nocsrf.

pilcrowonpaper · 2022-10-04T02:40:05Z

pilcrowonpaper
Oct 4, 2022
Maintainer

You can use validateRequest, which checks for the access token in the authorization header. With v0.10.0, you'll be able to opt out of the default header based CSRF protection.

2 replies

asuraphel Oct 4, 2022
Author

The documentation says validateRequest doesn't work with POST requests, right?

pilcrowonpaper Oct 4, 2022
Maintainer

No, that's validateRequestByCookie

Provide feedback

Saved searches

Use saved searches to filter your results more quickly

Uh oh!

Uh oh!

How do we validate POST endpoint requests that have JSON payload? #114

Uh oh!

{{title}}

Uh oh!

Uh oh!

{{editor}}'s edit

{{editor}}'s edit

Uh oh!

Replies: 1 comment 2 replies

Uh oh!

{{title}}

Uh oh!

Uh oh!

{{title}}

Uh oh!

Uh oh!

{{title}}

Uh oh!

Select a reply

Uh oh!

Uh oh!

How do we validate POST endpoint requests that have JSON payload? #114

Uh oh!

Uh oh!

asuraphel Oct 3, 2022

Replies: 1 comment · 2 replies

Uh oh!

pilcrowonpaper Oct 4, 2022 Maintainer

Uh oh!

asuraphel Oct 4, 2022 Author

Uh oh!

pilcrowonpaper Oct 4, 2022 Maintainer

asuraphel
Oct 3, 2022

Replies: 1 comment 2 replies

pilcrowonpaper
Oct 4, 2022
Maintainer

asuraphel Oct 4, 2022
Author

pilcrowonpaper Oct 4, 2022
Maintainer