Opt out CSRF per route #923

florian-lefebvre · 2024-05-20T13:33:41Z

florian-lefebvre
May 20, 2024
Maintainer

Body

Summary

Allow to opt out of CSRF protection per route.

Background & Motivation

While it's good practice to have CSRF enable for an entire Astro project, there are cases where not having CSRF enabled for a specific route is required. One example is a webhook, read Stripe docs.

Goals

Having a way to opt-out CSRF protection for a given route

Example

export const checkOrigin = false;

The risk of this API is to have too many per-route setting (like prerender) so it may need a RFC before to to tackle this topic (discord thread)

mseibert · 2025-05-22T19:43:20Z

mseibert
May 22, 2025

We would need this in our projects.

1 reply

florian-lefebvre May 22, 2025
Maintainer Author

I don't think this is likely to move anytime soon FYI. Ping me on the related private issue so we can discuss alternatives

Provide feedback

Saved searches

Use saved searches to filter your results more quickly

Uh oh!

Opt out CSRF per route #923

Uh oh!

{{title}}

Uh oh!

Replies: 1 comment 1 reply

Uh oh!

{{title}}

Uh oh!

Uh oh!

{{title}}

Uh oh!

Select a reply

Uh oh!

Opt out CSRF per route #923

Uh oh!

florian-lefebvre May 20, 2024 Maintainer

Body

Summary

Background & Motivation

Goals

Example

Replies: 1 comment · 1 reply

Uh oh!

mseibert May 22, 2025

Uh oh!

florian-lefebvre May 22, 2025 Maintainer Author

florian-lefebvre
May 20, 2024
Maintainer

Replies: 1 comment 1 reply

mseibert
May 22, 2025

florian-lefebvre May 22, 2025
Maintainer Author