CSRF prevention tokens in cookies #18

@dan-corneanu

Hi,
my grape APIs are protected against CSRF through an X-CSRF-Token request header. The value that has to go into this header is sent by the server to clients through a cookie.

Is there a way to customise grape-swagger-rails to add this header to every request?
Ex.

xhr.setRequestHeader('X-CSRF-Token', $.cookie('CSRF-Token'))

dblock commented on Jun 19, 2015

I think this will need a bit of work, see how things are added to the request here: https://github.com/TinkerDev/grape-swagger-rails/blob/master/app/views/grape_swagger_rails/application/index.html.erb#L49.
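
The header-from-cookie scheme described in the question, sketched for both sides as an added example (not part of the original thread and not grape-swagger-rails code). Only the `X-CSRF-Token` header and `CSRF-Token` cookie names come from the issue; the function names, the constructed sample cookie string, and the server comparing the header against the cookie are assumptions.

```javascript
// Added example: token delivered in a cookie, echoed back in a request header.
const COOKIE_NAME = 'CSRF-Token';    // cookie name from the issue
const HEADER_NAME = 'X-CSRF-Token';  // header name from the issue
const SAFE_METHODS = new Set(['GET', 'HEAD', 'OPTIONS']);
const SAMPLE_COOKIES = 'theme=dark; CSRF-Token=abc%3D123'; // constructed sample

// Return one cookie's decoded value from a document.cookie / Cookie header string.
function readCookie(cookieString, name) {
  for (const part of (cookieString || '').split(';')) {
    const idx = part.indexOf('=');
    if (idx === -1 || part.slice(0, idx).trim() !== name) continue;
    try { return decodeURIComponent(part.slice(idx + 1).trim()); }
    catch (e) { return null; } // malformed percent-encoding: treat as absent
  }
  return null;
}

// Compare two strings without returning early on the first differing character.
function constantTimeEqual(a, b) {
  if (a.length !== b.length) return false;
  let diff = 0;
  for (let i = 0; i < a.length; i++) diff |= a.charCodeAt(i) ^ b.charCodeAt(i);
  return diff === 0;
}

// Client side (hypothetical helper): headers to add before sending a request.
// The token is attached only to state-changing, same-origin requests, so it
// is never disclosed to another host.
function csrfHeadersFor(method, url, pageOrigin, cookieString) {
  if (SAFE_METHODS.has(method.toUpperCase())) return {};
  if (new URL(url, pageOrigin).origin !== pageOrigin) return {};
  const token = readCookie(cookieString, COOKIE_NAME);
  return token ? { [HEADER_NAME]: token } : {};
}

// Server side (assumed double-submit check): a state-changing request passes
// only when the header and the cookie are both present and carry the same value.
function csrfCheckPasses(method, headers) {
  if (SAFE_METHODS.has(method.toUpperCase())) return true;
  const sent = headers[HEADER_NAME.toLowerCase()];
  const cookie = readCookie(headers['cookie'], COOKIE_NAME);
  if (!sent || !cookie) return false;
  return constantTimeEqual(sent, cookie);
}
```

In a browser, `cookieString` would be `document.cookie` and `pageOrigin` would be `location.origin`; the cookie has to be readable by script (not `HttpOnly`) for the client side to work.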

CSRF prevention tokens in cookies · Issue #18 · ruby-grape/grape-swagger-rails