How to protect against Cross Site Request Forgery (CSRF)

How can I protect against CSRF attacks when using tRPC on the client? Usually frameworks would include some kind of CSRF token automatically when submitting forms. Does this have to be done manually on tRPC?
N
Nick62d ago
Yes you'd be responsible for this type of stuff, we just use http under the hood so you can put whatever you need in the headers via a link, and check those headers as needed in a middleware
S
SwagSupreme62d ago
Thanks for confirming! There should probably be some kind of warning or example about this to let people know they should handle it themselves know. Otherwise there are gonna be a lot vulnerable apps out there
N
Nick62d ago
Feel free to open a pr for the docs 🙂
S
SwagSupreme62d ago
Once I implement it myself 🙂