You signed in with another tab or window. Reload to refresh your session.You signed out in another tab or window. Reload to refresh your session.You switched accounts on another tab or window. Reload to refresh your session.Dismiss alert
I realize the purpose of this package is to abstract the network calls, though I find I can't use it in conjunction with CSRF protection. It would be awesome to have the ability to customize headers in each call (such as x-csrf-token)!
The text was updated successfully, but these errors were encountered:
That's true, If I were rolling my own CSRF protection, that would work. However, I'm using an off-the-shelf CSRF solution (https://github.com/krakenjs/lusca) that expects the token either in the top level of req.body or in a header:
If I pass the CSRF token in the params to the RPC function, it gets JSON stringified inside req.body.params[0], which is not something lusca understands:
I realize the purpose of this package is to abstract the network calls, though I find I can't use it in conjunction with CSRF protection. It would be awesome to have the ability to customize headers in each call (such as
x-csrf-token
)!The text was updated successfully, but these errors were encountered: