SwagSupreme•6mo ago

How to protect against Cross Site Request Forgery (CSRF)

How can I protect against CSRF attacks when using tRPC on the client? Usually frameworks would include some kind of CSRF token automatically when submitting forms. Does this have to be done manually on tRPC?

4 Replies

Nick•6mo ago

Yes you'd be responsible for this type of stuff, we just use http under the hood so you can put whatever you need in the headers via a link, and check those headers as needed in a middleware

SwagSupreme•6mo ago

Thanks for confirming! There should probably be some kind of warning or example about this to let people know they should handle it themselves know. Otherwise there are gonna be a lot vulnerable apps out there

Nick•6mo ago

Feel free to open a pr for the docs 🙂

SwagSupreme•6mo ago

Once I implement it myself 🙂

Move Fast & Break Nothing. End-to-end typesafe APIs made easy.

4.9KMembers

View on Discord

More Posts

tRPC doesn't explicitly check Content-TypeOWASP recommends explicitly checking the Content-Type header to be the expected one, but when I pass Create a typescript type that refers to a useQuery hook dynamicallyI'm trying to create a typescript type that generically refers to a useQuery hook (e.g. I am trying tRPC Options Method not Allow in Vercel Next.jsI've been getting this error and I have already added CORS in my projects, in initializing the route Best way to update a TRPC useQuery response without refetchingHey, I currently have a trpc useQuery endpoint which retrieves a series of form submissions for a u What is a useSuspenseQuery?Hi, I'm wondering what a useSuspenseQuery is, im looking at the docs but it doesn't explain it anywh No "mutation"-procedure on pathHello all, I am using the latest version of TRPC on my client and server. I am using React Query on is there a better way to do this?```js let query; let params; switch (getWhat) { case "posts": query = api.user.userP How to access the query cache data?I want to be able to use a data from already queried data as an initial data of another query. Is th Thoughts on how to integrate t3 app, connectkit web3 auth, nextjs middleware, and trpcI am prototyping an application using t3 app with trpc, connectkit web3 auth. I am wanting to use n onError callback typeI want to have a callback onError passed from parent component to the child which has mutation call.