Add ability to disable CSRF #4989

@ajsharp

Description 📓

Currently it's not possible to use next-auth without a CSRF token. This makes it impossible to use your next-auth powered API outside a Next app. CSRF tokens are only used for web app requests because their point is to protect against XSS attacks.

How to reproduce ☕️

Try to submit an API request without a CSRF token.

Contributing 🙌🏽

Yes, I am willing to help implement this feature in a PR
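
The rejection described in the issue, a request refused because it carries no CSRF token, is what a signed double-submit check produces. The sketch below is an added example, not next-auth's code and not part of the original post; the function names, the `token|hash` cookie layout and the secret are assumptions made for illustration.

```javascript
// Added illustration; every name here is hypothetical, not next-auth's API.
const { createHash, randomBytes, timingSafeEqual } = require("node:crypto");

const SECRET = "constructed-demo-secret"; // constructed stand-in for the server secret

// Hash binds the token to the server secret so a client cannot mint its own pair.
const sign = (token, secret) =>
  createHash("sha256").update(`${token}${secret}`).digest("hex");

// Constant-time comparison; the length check avoids timingSafeEqual throwing.
function safeEqual(a, b) {
  const x = Buffer.from(a), y = Buffer.from(b);
  return x.length === y.length && timingSafeEqual(x, y);
}

// Server: the cookie carries "token|hash", the response body carries the bare token.
function issueCsrf(secret) {
  const token = randomBytes(32).toString("hex");
  return { token, cookie: `${token}|${sign(token, secret)}` };
}

// Server: a state-changing request must present the cookie AND echo the token.
function verifyCsrf(request, secret) {
  const { cookie, bodyToken } = request;
  if (typeof cookie !== "string" || typeof bodyToken !== "string") return false;
  const sep = cookie.indexOf("|");
  if (sep < 0) return false;
  const cookieToken = cookie.slice(0, sep);
  const cookieHash = cookie.slice(sep + 1);
  return safeEqual(cookieHash, sign(cookieToken, secret)) &&
         safeEqual(cookieToken, bodyToken);
}

// Constructed requests: the four cases a non-browser API client can end up in.
function demo() {
  const issued = issueCsrf(SECRET);
  const other = issueCsrf("some-other-secret"); // pair not signed by this server
  return {
    noToken: verifyCsrf({}, SECRET),
    cookieOnly: verifyCsrf({ cookie: issued.cookie }, SECRET),
    otherSecret: verifyCsrf({ cookie: other.cookie, bodyToken: other.token }, SECRET),
    apiClient: verifyCsrf({ cookie: issued.cookie, bodyToken: issued.token }, SECRET),
  };
}

console.log(demo());
```

Only the `apiClient` case passes: a client outside the browser has to fetch the token first and send both the cookie and the echoed value.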


Labels

- enhancement: New feature or request
- triage: Unseen or unconfirmed by a maintainer yet. Provide extra information in the meantime.
