Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

Always generate a token even if scope not called #16

Closed
frankie567 opened this issue Aug 27, 2020 · 3 comments
Closed

Always generate a token even if scope not called #16

frankie567 opened this issue Aug 27, 2020 · 3 comments
Labels
enhancement New feature or request

Comments

@frankie567
Copy link

Hello 👋

Thank you for this very useful middleware!

I have a use case (see fastapi-users/fastapi-users#291) where I call an API through the browser, using Cookie authentication. Thus, CSRF protection would be beneficial. However, it's a pure API : it doesn't generate any template ; so I don't have the opportunity to call request.scope.csrftoken() to generate the token.

Would it be possible (and sensible!) to have an option in the middleware to allow a token to be generated even if request.scope.csrftoken() is not called in the route logic?

Best regards!
@frankie567 frankie567 changed the title Always generates a token even if not scope called Always generates a token even if scope not called Aug 27, 2020
@frankie567 frankie567 changed the title Always generates a token even if scope not called Always generate a token even if scope not called Aug 27, 2020
@simonw simonw added the enhancement New feature or request label Jan 23, 2021
@simonw
Copy link
Owner

simonw commented Jan 23, 2021

This makes sense to me as an opt-in option.

@simonw simonw closed this as completed in 01d377e Jan 23, 2021
simonw added a commit that referenced this issue Jan 23, 2021
@simonw
Release 0.8
bb7178d 
Refs #16
@simonw
Copy link
Owner

simonw commented Jan 23, 2021

Documentation: https://github.com/simonw/asgi-csrf/blob/0.8/README.md#always-setting-the-cookie-if-it-is-not-already-set

@frankie567
Copy link
Author

Thank you @simonw, that will greatly help 👍

Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Assignees
No one assigned
Labels
enhancement New feature or request
Projects
None yet
Milestone
No milestone
Development

No branches or pull requests
2 participants
@simonw @frankie567