Only protect POST requests

@g105b g105b released this 10 Jun 14:55
· 57 commits to master since this release
ae4ea61

By default this library protected against all types of incoming request by injecting the token into every form on every page. However, not only is protecting against CSRF attacks on GET requests unnecessary, it can actually cause issues by exposing CSRF tokens in the URL when GET forms are submitted.

This led to issues with browsers' back/forward buttons triggering expired tokens, which is not the expected behaviour of any application.
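As an added illustration of the behaviour this release describes (example code, not the library's own), a minimal Python stand-in that injects a token only into forms that post and skips verification for GET requests, so the token never lands in a query string. The class name, the `csrf_token` field name, the in-memory session dict and the single session-scoped token are all assumptions.

```python
import hmac
import re
import secrets


class CsrfProtector:
    """Injects a CSRF token into POST forms only and verifies it on POST requests."""

    # Matches an opening <form ...> tag and captures its attribute string.
    _FORM_RE = re.compile(r"<form\b([^>]*)>", re.IGNORECASE)
    _METHOD_RE = re.compile(r"""\bmethod\s*=\s*["']?(\w+)""", re.IGNORECASE)

    def __init__(self, session: dict):
        # Constructed stand-in for a server-side session store.
        self.session = session

    def token(self) -> str:
        """Return the session's token, creating one on first use (session-scoped, assumed)."""
        if "csrf_token" not in self.session:
            self.session["csrf_token"] = secrets.token_urlsafe(32)
        return self.session["csrf_token"]

    def inject(self, html: str) -> str:
        """Add a hidden csrf_token input to every form whose method is POST."""
        token = self.token()

        def repl(match: re.Match) -> str:
            method = self._METHOD_RE.search(match.group(1))
            # Forms default to GET; GET forms are left untouched so the
            # token is never serialised into the URL on submission.
            if method is None or method.group(1).lower() != "post":
                return match.group(0)
            return f'{match.group(0)}<input type="hidden" name="csrf_token" value="{token}">'

        return self._FORM_RE.sub(repl, html)

    def verify(self, method: str, fields: dict) -> bool:
        """Accept any GET; for POST, require a token matching the session's in constant time."""
        if method.upper() != "POST":
            return True
        expected = self.session.get("csrf_token")
        supplied = str(fields.get("csrf_token", ""))
        return expected is not None and hmac.compare_digest(expected.encode(), supplied.encode())


# Constructed sample page: one search form (GET) and one state-changing form (POST).
SAMPLE_HTML = ('<form method="get" action="/search"><input name="q"></form>'
               '<form method="POST" action="/delete"><button>Delete</button></form>')
```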