CSRF - Implementation options?

[rohitkumbhar]

I've been trying to build simple CSRF protection using cookie + param value comparison as shown in security docs. I can't make it a generic implementation i.e. _csrf value from url param or body because HttpFilter do not read the body: Related Issue

Does anyone have any workarounds for this?

[yawkat]

there's currently no way to get the body in a filter, but we are looking at this. you could still implement this with a netty channel handler but it's probably more effort than it's worth.