Add CSRF recipe into the documentation #633
Comments
Hi. Any news on this? Regarding CSRF protection or whatever comes from the client, is there a way to hook into the fastapi-users default routes to add custom behavior / protection / verification?
Not yet, sorry. Regarding CSRF, a common way to handle it is through a middleware, so it should be quite transparent for FastAPI Users. Another nice option is also router-level or app-level dependencies:
Thanks for your super fast response! :)
Adding onto this, I think there might be a way to avoid CSRF entirely, and certain fastapi csrf extensions like this one are recommending it. The solution is to send two cookies instead of one, one using This stuff is frankly above my level but I thought I'd share it here in case anybody wanted to take it and run with it.
It's possible to have it thanks to asgi-csrf. A detailed explanation and example in the doc would be nice.
Add an alert in the Cookie authentication backend to invite the user to check it out.
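The middleware approach mentioned in this thread, as an added sketch that is not code from FastAPI Users or asgi-csrf: a pure-ASGI wrapper that rejects unsafe requests unless a header repeats the CSRF cookie value. The cookie and header names, `inner_app` and `status_for` are assumptions made for the example, and the token cookie is assumed to be issued elsewhere.

```python
import asyncio
import hmac

SAFE_METHODS = {"GET", "HEAD", "OPTIONS"}
COOKIE = b"csrftoken"      # assumed cookie name
HEADER = b"x-csrftoken"    # assumed header name


def read_cookie(raw, name):
    """Return the value of one cookie from a raw Cookie header, or b''."""
    for part in raw.split(b";"):
        key, _, value = part.strip().partition(b"=")
        if key == name:
            return value
    return b""


class DoubleSubmitCSRF:
    """Unsafe methods must echo the CSRF cookie in a request header."""
    # With FastAPI/Starlette this would be mounted via app.add_middleware(DoubleSubmitCSRF).

    def __init__(self, app):
        self.app = app

    async def __call__(self, scope, receive, send):
        if scope["type"] != "http" or scope["method"] in SAFE_METHODS:
            return await self.app(scope, receive, send)
        headers = dict(scope["headers"])
        cookie_token = read_cookie(headers.get(b"cookie", b""), COOKIE)
        header_token = headers.get(HEADER, b"")
        # Constant-time comparison; a missing cookie never matches.
        if cookie_token and hmac.compare_digest(cookie_token, header_token):
            return await self.app(scope, receive, send)
        await send({"type": "http.response.start", "status": 403,
                    "headers": [(b"content-type", b"text/plain")]})
        await send({"type": "http.response.body", "body": b"CSRF check failed"})


async def inner_app(scope, receive, send):
    # Stand-in for the protected application (constructed for this example).
    await send({"type": "http.response.start", "status": 200, "headers": []})
    await send({"type": "http.response.body", "body": b"ok"})


def status_for(method, headers):
    """Send one constructed request through the middleware; return the status."""
    sent = []
    async def send(message): sent.append(message)
    async def receive(): return {"type": "http.request", "body": b""}
    scope = {"type": "http", "method": method, "path": "/", "headers": headers}
    asyncio.run(DoubleSubmitCSRF(inner_app)(scope, receive, send))
    return sent[0]["status"]
```

An unsigned token compared this way does not stop an attacker who can set cookies for the site, for example from a sibling subdomain, so a production setup would sign the token or bind it to the session.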