Replies: 3 comments 4 replies
-
|
Has this been implemented yet? |
Beta Was this translation helpful? Give feedback.
-
|
For anyone who'd came across this question next-auth/packages/core/src/lib/index.ts Line 190 in 8b38d32 |
Beta Was this translation helpful? Give feedback.
-
|
@MasterLambaster Any chance you could include an example of how to use this? |
Beta Was this translation helpful? Give feedback.
-
|
@henricook It's an option that you have to pass to the const authConfig = {
providers: [
GitHubProvider({
clientId: process.env.GITHUB_ID,
clientSecret: process.env.GITHUB_SECRET,
}),
],
skipCSRFCheck: true,
};
export default async function handler(req, res) {
const { nextauth, provider, ...rest } = req.query
req.query = { nextauth: [nextauth, provider], ...rest }
return await NextAuth(req, res, authConfig)
} |
Beta Was this translation helpful? Give feedback.
-
|
Is this released? I'm using next-auth 4.22.1 and skipCSRFCheck is not in it |
Beta Was this translation helpful? Give feedback.
-
|
it's been a year and its still on beta not released yet. It has many breaking changes though |
Beta Was this translation helpful? Give feedback.
-
|
any update on this |
Beta Was this translation helpful? Give feedback.
Uh oh!
There was an error while loading. Please reload this page.
Uh oh!
There was an error while loading. Please reload this page.
-
Description 📓
Currently it's not possible to use next-auth without a CSRF token. This makes it impossible to use your next-auth powered API outside a next app. CSRF token's are only used for web app requests bc their point is to protect against XSS attacks.
How to reproduce ☕️
Try to submit an api request without an CSRF token.
Contributing 🙌🏽
Yes, I am willing to help implement this feature in a PR
Beta Was this translation helpful? Give feedback.
All reactions