Lightrun Answers was designed to reduce the constant googling that comes with debugging 3rd party libraries. It collects links to all the places you might be looking at while hunting down a tough bug.
And, if you’re still stuck at the end, we’re happy to hop on a call to see how we can help out.
Seems like `context.csrf` is being set without me doing anything
See original GitHub issueI am debugging my project and have a breakpoint set at this line: https://github.com/koajs/csrf/blob/master/src/index.js#L56
Now when I evaluate (ctx.csrf), I get a value back. However I am not sending a CSRF token anywhere in my application…all I’ve done is set Koa to use the CSRF middleare…I haven’t embedded _csrf in a hidden form field anywhere, nor have I appended a csrf token to any of my requests. So my question is, how is ctx.csrf already set?
Issue Analytics
- State:
- Created 6 years ago
- Comments:6 (3 by maintainers)
Top Results From Across the Web
Top Related Medium Post
Top Related StackOverflow Question
Troubleshoot Live Code
Top Related Reddit Thread
Top Related Hackernoon Post
Top Related Tweet
Top Related Dev.to Post
Top Related Hashnode Post
Yes, the token is set whether or not you send it. This library asserts that the token was provided by the user.
It’s clear that a “real” example is necessary here. I’ll see if I can throw something together in shortly.
The token is valid for the duration of the user’s session in SPAs and for each request otherwise. Basically any time we can create a new token, we will.