SwagSupreme
SwagSupreme10mo ago

How to protect against Cross Site Request Forgery (CSRF)

How can I protect against CSRF attacks when using tRPC on the client? Usually frameworks would include some kind of CSRF token automatically when submitting forms. Does this have to be done manually on tRPC?
4 Replies
Nick
Nick10mo ago
Yes you'd be responsible for this type of stuff, we just use http under the hood so you can put whatever you need in the headers via a link, and check those headers as needed in a middleware
SwagSupreme
SwagSupremeOP10mo ago
Thanks for confirming! There should probably be some kind of warning or example about this to let people know they should handle it themselves know. Otherwise there are gonna be a lot vulnerable apps out there
Nick
Nick10mo ago
Feel free to open a pr for the docs 🙂
SwagSupreme
SwagSupremeOP10mo ago
Once I implement it myself 🙂