New issue
Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.
By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.
Already on GitHub? Sign in to your account
Disable CSRF functionality without a need to remove code (composable) #334
Comments
Hey Buddy, Thanks for reporting this idea! I wonder how it could be implemented. I think that it could be delivered by the usage of the Would you like it to work for CSRF only or for anything else as well? |
For me, csrf is what I want to deal with, but I think similar situations can occur for any feature that adds auto imports. |
I just checked the source code and tried few things and it seems to me that implementing this wont be easy. CSRF support comes from an external module nuxt-csurf. Because of that, I do not have control over the auto import process. Maybe the better option would be to submit an issue in https://github.com/morgbn/nuxt-csurf and then, I could upgrade the version of this module so that it will be accessible for all Nuxt Security users? |
Resolves #25, resolves Baroshem/nuxt-security#334 Drop `excludedUrls` option in favor of `routeRules`
# [1.5.0](v1.4.2...v1.5.0) (2024-03-20) ### Features * ✨ per-route configuration & ability to disable ([7550de1](7550de1)), closes [#25](#25) [Baroshem/nuxt-security#334](Baroshem/nuxt-security#334)
Looks like this was fixed upstream :) |
Awesome, I will add it for the 1.3.0 plan :) |
Is your feature request related to a problem? Please describe.
When doing local development, its often easier to disable some of the security features to speed up development. For example, I want to disable CSRF when I'm developing because I don't have to do a page refresh whenever I make changes to the server (changing the server causes a rebuild which produces a different CSRF token)
The current behavior is that when you set
csrf: false
it also seems to remove the autoimports for theuseCsrf()
composable, which produces errors. The same thing happens when settingenabled: false
Describe the solution you'd like
I want to be able to disable features in the config without breaking the application or requiring me to update/change code.
The text was updated successfully, but these errors were encountered: