Disable CSRF functionality without a need to remove code (composable) #334

Closed
genu opened this issue Dec 27, 2023 · 5 comments · Fixed by #399
Labels
enhancement New feature or request upstream Issue in the dependency awaiting resolve

Comments

@genu

genu commented Dec 27, 2023

Is your feature request related to a problem? Please describe.

When doing local development, it's often easier to disable some of the security features to speed up development. For example, I want to disable CSRF when I'm developing because I don't have to do a page refresh whenever I make changes to the server (changing the server causes a rebuild which produces a different CSRF token).

The current behavior is that when you set `csrf: false` it also seems to remove the autoimports for the `useCsrf()` composable, which produces errors. The same thing happens when setting `enabled: false`.

Describe the solution you'd like

I want to be able to disable features in the config without breaking the application or requiring me to update/change code.

@genu genu added the enhancement New feature or request label Dec 27, 2023
@Baroshem
Owner

Hey Buddy,

Thanks for reporting this idea!

I wonder how it could be implemented. I think that it could be delivered by the usage of the `enabled` flag as an addition to the built-in composables.

Would you like it to work for CSRF only or for anything else as well?

@genu
Author

genu commented Dec 27, 2023

For me, csrf is what I want to deal with, but I think similar situations can occur for any feature that adds auto imports.

@Baroshem
Owner

I just checked the source code and tried a few things, and it seems to me that implementing this won't be easy.

CSRF support comes from an external module nuxt-csurf. Because of that, I do not have control over the auto import process.

Maybe the better option would be to submit an issue in https://github.com/morgbn/nuxt-csurf and then, I could upgrade the version of this module so that it will be accessible for all Nuxt Security users?

@Baroshem Baroshem added the awaiting details Waiting for feedback from the issue author, i.e. reproduction label Dec 28, 2023
@Baroshem Baroshem changed the title Ability to disable features Disable CSRF functionality without a need to remove code (composable) Jan 10, 2024
@Baroshem Baroshem added upstream Issue in the dependency awaiting resolve and removed awaiting details Waiting for feedback from the issue author, i.e. reproduction labels Jan 19, 2024
Morgbn added a commit to Morgbn/nuxt-csurf that referenced this issue Mar 20, 2024
Resolves #25, resolves Baroshem/nuxt-security#334

Drop `excludedUrls` option in favor of `routeRules`
github-actions bot pushed a commit to Morgbn/nuxt-csurf that referenced this issue Mar 20, 2024
# [1.5.0](v1.4.2...v1.5.0) (2024-03-20)

### Features

* ✨ per-route configuration & ability to disable ([7550de1](7550de1)), closes [#25](#25) [Baroshem/nuxt-security#334](Baroshem/nuxt-security#334)
@genu
Author

genu commented Mar 20, 2024

Looks like this was fixed upstream :)

@Baroshem
Owner

Awesome, I will add it for the 1.3.0 plan :)

Baroshem added a commit that referenced this issue Mar 21, 2024
@Baroshem Baroshem linked a pull request Mar 21, 2024 that will close this issue