Skip to content

Should csrf-sync be framework agnostic? #22

Description

@psibean

Currently csrf-sync depends on both express and express-session meaning it can't be consumed by any other connect middleware compatible lib. This would be a breaking change as we would probably have to remove the default configuration for getTokenFromRequest and storeTokenInState as they both currently enforce / expect express-session.

The csrfToken convenience method would have to be have to be declaration merged onto the default Node Request type instead of the express Request type.

Types would have to be updated significantly to take in generic types that extends the default Node Request and Response types enabling it to be compatible with various framework Request/Response extensions.

Metadata

Metadata

Assignees

No one assigned

    Labels

    No labels
    No labels

    Type

    No type
    No fields configured for issues without a type.

    Projects

    No projects

    Milestone

    No milestone

    Relationships

    None yet

    Development

    No branches or pull requests

    Issue actions