Dynamic CSRF #661
chladog started this conversation in Feature Requests & Ideas
Replies: 0 comments
This is a proposal for a dynamic CSRF validator feature. Currently the domain must match 100%, together with the protocol, as the condition is the following:
if (!origin || config.csrf.length === 0 || config.csrf.indexOf(origin) > -1) {
It would be great if we could either validate by a configurable regex or run a custom validation function (preferred).
This would allow for a programmable validator that would allow dynamic hosts, subdomains, etc.
The current workaround is not to use CSRF at all, which is insecure.
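An added example, not part of the original post and not the project's code: one way a custom validation function of the kind requested above could accept subdomains while still pinning the scheme and port and matching the host on a dot boundary, which an unanchored regex or substring test would not do. The function names, the `https://*.example.com` pattern syntax and the sample allowlist are assumptions made for this illustration.

```javascript
// Hypothetical validator (illustration only). Allowlist entries are either
// exact origins or wildcard patterns of the form "https://*.example.com".
const SAMPLE_ALLOWLIST = [ // constructed sample values
  "https://admin.example.com",
  "https://*.example.com",
  "http://localhost:3000",
];

// Parse an Origin header value; return null unless it is a bare
// scheme://host[:port] origin.
function parseOrigin(value) {
  if (typeof value !== "string") return null;
  let url;
  try {
    url = new URL(value);
  } catch {
    return null; // malformed, or the literal string "null"
  }
  // Reject anything that does not round-trip as an origin
  // (paths, credentials, query strings, non-http(s) schemes).
  if (url.origin !== value.toLowerCase()) return null;
  return { protocol: url.protocol, hostname: url.hostname, port: url.port };
}

function isAllowedOrigin(originHeader, allowlist) {
  const o = parseOrigin(originHeader);
  if (!o) return false;
  return allowlist.some((rule) => {
    const m = /^(https?:)\/\/\*\.([a-z0-9.-]+)(?::(\d+))?$/.exec(rule);
    // Not a wildcard rule: exact comparison, like the existing indexOf check.
    if (!m) return rule === originHeader.toLowerCase();
    const [, protocol, base, port = ""] = m;
    return (
      o.protocol === protocol &&
      o.port === port &&
      // Dot boundary: "evilexample.com" and "example.com.attacker.test"
      // must not match "*.example.com".
      o.hostname.endsWith("." + base)
    );
  });
}

for (const origin of ["https://tenant1.example.com", "https://evilexample.com"]) {
  console.log(origin, isAllowedOrigin(origin, SAMPLE_ALLOWLIST));
}
```

With this pattern syntax the apex domain (`https://example.com`) is not covered by the wildcard and has to be listed as its own exact entry.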