How do we validate POST endpoint requests that have JSON payload? #114

asuraphel · 2022-10-03T16:27:15Z

asuraphel
Oct 3, 2022

ValidateFormSubmission reads the CSRF token from formData. I agree that preventing CSRF is a great idea but shouldn't it be a different concern just like Django does it( allows you to opt out with the decorator nocsrf.

pilcrowonpaper · 2022-10-04T02:40:05Z

pilcrowonpaper
Oct 4, 2022
Maintainer

You can use validateRequest, which checks for the access token in the authorization header. With v0.10.0, you'll be able to opt out of the default header based CSRF protection.

2 replies

asuraphel Oct 4, 2022
Author

The documentation says validateRequest doesn't work with POST requests, right?

pilcrowonpaper Oct 4, 2022
Maintainer

No, that's validateRequestByCookie

Provide feedback

Saved searches

Use saved searches to filter your results more quickly

How do we validate POST endpoint requests that have JSON payload? #114

{{title}}

{{editor}}'s edit

{{editor}}'s edit

Replies: 1 comment 2 replies

{{title}}

{{title}}

{{title}}

Select a reply

How do we validate POST endpoint requests that have JSON payload? #114

asuraphel Oct 3, 2022

Replies: 1 comment · 2 replies

pilcrowonpaper Oct 4, 2022 Maintainer

asuraphel Oct 4, 2022 Author

pilcrowonpaper Oct 4, 2022 Maintainer

asuraphel
Oct 3, 2022

Replies: 1 comment 2 replies

pilcrowonpaper
Oct 4, 2022
Maintainer

asuraphel Oct 4, 2022
Author

pilcrowonpaper Oct 4, 2022
Maintainer