How to protect against Cross Site Request Forgery (CSRF)
How can I protect against CSRF attacks when using tRPC on the client? Usually frameworks would include some kind of CSRF token automatically when submitting forms. Does this have to be done manually on tRPC?
4 Replies
Yes, you'd be responsible for this type of stuff. We just use HTTP under the hood, so you can put whatever you need in the headers via a link and check those headers as needed in a middleware.
Thanks for confirming!
There should probably be some kind of warning or example about this to let people know they should handle it themselves. Otherwise there are gonna be a lot of vulnerable apps out there.
Feel free to open a PR for the docs 🙂
Once I implement it myself 🙂
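
The approach from the reply above (a token sent in a header by the client link, checked in a server middleware), as an added example that is not from this thread or from the tRPC project. The header name `x-csrf-token`, the session-bound HMAC token scheme and all function names are assumptions; the check is framework-agnostic and takes the request headers and session id as plain values.

```typescript
import { createHmac, randomBytes, timingSafeEqual } from "node:crypto";

// Assumed header name: the client link sends the token under this name.
const CSRF_HEADER = "x-csrf-token";

type HeaderBag = Record<string, string | string[] | undefined>;

// MAC over "sessionId.nonce" binds a token to exactly one session.
function sign(sessionId: string, nonce: string, secret: string): string {
  return createHmac("sha256", secret).update(`${sessionId}.${nonce}`).digest("hex");
}

// Issued by the server to an authenticated page (for example in the initial
// HTML or a same-origin bootstrap response); the client echoes it in a header.
function issueCsrfToken(sessionId: string, secret: string): string {
  const nonce = randomBytes(16).toString("hex");
  return `${nonce}.${sign(sessionId, nonce, secret)}`;
}

// Returns true when the request may proceed. Meant to be called from a
// server middleware guarding state-changing procedures (mutations).
function verifyCsrfToken(headers: HeaderBag, sessionId: string, secret: string): boolean {
  const raw = headers[CSRF_HEADER];
  if (typeof raw !== "string") return false; // header missing or repeated
  const dot = raw.indexOf(".");
  if (dot < 0) return false; // not in "nonce.mac" form
  const nonce = raw.slice(0, dot);
  const given = Buffer.from(raw.slice(dot + 1), "hex");
  const expected = Buffer.from(sign(sessionId, nonce, secret), "hex");
  // timingSafeEqual throws on unequal lengths, so check length first.
  return given.length === expected.length && timingSafeEqual(given, expected);
}
```

On the client, the issued token goes into the headers the link sends with each request; on the server, the middleware calls `verifyCsrfToken` with the request headers and session id from its context and rejects the call when it returns false.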