Skip to content

feat(csrf) enable csrf token in other way than ruby's one#134

Open
cpuy wants to merge 1 commit intotwilson63:masterfrom
bonitasoft:feat/enable-csrf
Open

feat(csrf) enable csrf token in other way than ruby's one#134
cpuy wants to merge 1 commit intotwilson63:masterfrom
bonitasoft:feat/enable-csrf

Conversation

@cpuy
Copy link

@cpuy cpuy commented Oct 4, 2016
edited
Loading

Hi,

Here is a PR to allow csrf in an other way than rail's one. In angular > 1.2 we can configure csrf cookie name and cookie header to let angular read the cookie and add token in headers. The idea here is to act as similar way instead of using meta tags

Add two options

  • upload-options-csrf-param name of the hidden parameter added to the form
  • upload-options-enable-csrf enable csrf in a simpler manner than ruby's one by getting token in cookie

Please let me know your opinion on this new feature.
Thx

Colin

feat(csrf) enable csrf token in other way than ruby's one
d9d95d8 
add two otpions
- upload-options-csrf-param  name of the hidden parameter added to the form
- upload-options-enable-csrf  enable csrf in a simpler manner than ruby's one by getting token in cookie
@cpuy cpuy force-pushed the feat/enable-csrf branch from ef36233 to d9d95d8 Compare October 4, 2016 09:02
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment

Reviewers

No reviews

Assignees

No one assigned

Labels

None yet

Projects

None yet

Milestone

No milestone

Development

Successfully merging this pull request may close these issues.

1 participant

@cpuy