Library users will be responsible for making sure CSRF checks are performed from form data. (Consuming the body is necessary for classic, formdata-based CSRF protection.)
Much better:
Rather implement a second middleware which actually intercepts form requests (digesting the request body for form-Content-Type non-safe request methods),
and injects hidden token fields into all forms found in the response HTML.
This causes some indirection and might not be the very fastest, but it is the most secure way.
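The second-middleware idea from the comment above, sketched as an added example (not part of the original issue and not the library's code). It uses only the standard library; the field name `csrf_token`, all function names and the sample inputs are assumptions, and tokens are assumed to need no percent-decoding or HTML escaping.

```rust
const FIELD: &str = "csrf_token"; // hypothetical field name, not taken from the library

/// Non-safe method carrying a form body: the case the proposed middleware must intercept.
fn needs_form_check(method: &str, content_type: &str) -> bool {
    let safe = ["GET", "HEAD", "OPTIONS", "TRACE"].contains(&method.to_ascii_uppercase().as_str());
    let ct = content_type.to_ascii_lowercase();
    !safe && (ct.starts_with("application/x-www-form-urlencoded") || ct.starts_with("multipart/form-data"))
}

/// Token from an urlencoded body; assumes a token alphabet that needs no percent-decoding.
fn form_token<'a>(body: &'a str, field: &str) -> Option<&'a str> {
    body.split('&').filter_map(|p| p.split_once('=')).find(|(k, _)| *k == field).map(|(_, v)| v)
}

/// Comparison without an early exit, so timing does not reveal a matching prefix.
fn ct_eq(a: &[u8], b: &[u8]) -> bool {
    a.len() == b.len() && a.iter().zip(b).fold(0u8, |acc, (x, y)| acc | (x ^ y)) == 0
}

/// Decision for a buffered request. Multipart bodies are not parsed here, so no token is found.
fn form_request_allowed(method: &str, content_type: &str, body: &str, expected: &str) -> bool {
    if !needs_form_check(method, content_type) { return true; } // not this middleware's case
    form_token(body, FIELD).map_or(false, |t| ct_eq(t.as_bytes(), expected.as_bytes()))
}

/// Insert a hidden token input after every opening <form ...> tag in the response HTML.
/// Simplification: assumes no '>' inside attribute values and a token needing no HTML escaping.
fn inject_token(html: &str, token: &str) -> String {
    let lower = html.to_ascii_lowercase(); // ASCII-only change, so byte offsets match `html`
    let input = format!("<input type=\"hidden\" name=\"{}\" value=\"{}\">", FIELD, token);
    let (mut out, mut pos) = (String::new(), 0);
    while let Some(i) = lower[pos..].find("<form") {
        let after = pos + i + 5;
        // Require whitespace or '>' after "<form" so tags such as <formfoo> are skipped.
        let is_tag = matches!(lower.as_bytes().get(after), Some(b) if *b == b'>' || b.is_ascii_whitespace());
        let end = match lower[after..].find('>') {
            Some(j) if is_tag => after + j + 1,
            _ => after, // not a form tag, or the tag is unterminated: copy and move on
        };
        out.push_str(&html[pos..end]);
        if end > after { out.push_str(&input); }
        pos = end;
    }
    out.push_str(&html[pos..]);
    out
}

fn main() { println!("{}", inject_token("<form method=\"post\"></form>", "tok123")); } // constructed input
```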
LeoniePhiline changed the title from "Add dangerously_pass_through_form_requests to support extractor-based classical forms" to "Add dangerously_pass_through_form_requests to support extractor-based classical forms?" on Nov 29, 2022