Describe the feature you'd like to request
Prevent Cross-Site Request Forgery using generated tokens.
Describe the solution you'd like
Create a generic csrf plugin in Stackpress
Update admin/transform create, update, remove and restore page to generate a token and save to cookie (res.session.set('csrf', token))
Pass token to React form and add as a hidden variable
When form submitted (or confirm link clicked) have pages check for valid token (submitted token vs req.session.get('csrf'))
Properly report an error if invalid: 419 Page Expired with message "This page may have been requested from an external source. We corrected the issue. Please try again." Load the form/confirmation view again (do not redirect out).
Renew the token after every submit (even if error reported)
Describe alternatives you've considered
No other considerations.
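
The flow requested above, sketched as an added example (not Stackpress code and not part of the original issue). The session is assumed to be any object with `get`/`set`, and `issueToken`, `isValidToken` and `handleSubmit` are hypothetical names.

```javascript
// Added example: framework-neutral sketch of the requested CSRF flow.
const { randomBytes, timingSafeEqual } = require('node:crypto');

const EXPIRED = 'This page may have been requested from an external source. '
  + 'We corrected the issue. Please try again.';

// Generate an unpredictable token and store it in the session
// (mirrors res.session.set('csrf', token) from the issue).
function issueToken(session) {
  const token = randomBytes(32).toString('hex');
  session.set('csrf', token);
  return token;
}

// Compare submitted token vs session token in constant time.
// A missing, non-string or wrong-length value fails closed.
function isValidToken(session, submitted) {
  const expected = session.get('csrf');
  if (typeof expected !== 'string' || typeof submitted !== 'string') return false;
  const a = Buffer.from(expected);
  const b = Buffer.from(submitted);
  return a.length === b.length && timingSafeEqual(a, b);
}

// Hypothetical submit handler; `action` stands in for the
// create/update/remove/restore operation of the page.
function handleSubmit(session, body, action) {
  const valid = isValidToken(session, body.csrf);
  // Renew after every submit, valid or not, so each token is single-use.
  const next = issueToken(session);
  if (!valid) {
    // Re-render the same form with the fresh token: no redirect, no action.
    return { status: 419, error: EXPIRED, view: 'form', csrf: next };
  }
  return { status: 200, result: action(body), csrf: next };
}
```

The `csrf` value returned by `handleSubmit` is what the form would place in its hidden field for the next submit.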