Please reflect that this is Signed Double Submit Cookie Pattern #123

Description

@fetis

You claim in the documentation that this package is for the Double Submit Cookie Pattern. Quote from the Readme:

> This module provides the necessary pieces required to implement CSRF protection using the Double Submit Cookie Pattern.

In reality, it implements only the Signed Double Submit Cookie Pattern, and it's impossible to use it for the Naive Double Submit Cookie Pattern.

Background
I needed to protect some forms that are used by unauthenticated users, but it's impossible to achieve because a session is required for the CSRF token generation. If you could explain to me how to configure the package for that goal, I would be happy, but atm I don't see the way.
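
The distinction this issue turns on, as an added Node.js example that is not part of the issue and not the package's code: the naive variant only compares two copies of a random value, while the signed variant needs a session identifier to compute its HMAC. The token layout, `SECRET`, and all function names are assumptions chosen for illustration.

```javascript
const crypto = require("node:crypto");

const SECRET = "constructed-demo-secret"; // hypothetical server-side key

// Constant-time comparison; non-strings, empty values and unequal lengths fail.
function safeEqual(a, b) {
  if (typeof a !== "string" || typeof b !== "string" || !a) return false;
  const x = Buffer.from(a), y = Buffer.from(b);
  return x.length === y.length && crypto.timingSafeEqual(x, y);
}

// Naive variant: a random value with no server-side binding, so no session is needed.
function naiveToken() {
  return crypto.randomBytes(32).toString("hex");
}
function naiveVerify(cookieValue, submittedValue) {
  return safeEqual(cookieValue, submittedValue);
}

// Signed variant (assumed construction): HMAC over session id and random value.
function mac(sessionId, random) {
  return crypto.createHmac("sha256", SECRET)
    .update(`${sessionId.length}!${sessionId}!${random}`).digest("hex");
}
function signedToken(sessionId) {
  const random = crypto.randomBytes(32).toString("hex");
  return `${mac(sessionId, random)}.${random}`;
}
function signedVerify(sessionId, cookieValue, submittedValue) {
  if (!safeEqual(cookieValue, submittedValue)) return false;
  const [tag, random] = cookieValue.split(".");
  if (!tag || !random) return false;
  return safeEqual(tag, mac(sessionId, random));
}

// Constructed inputs: a pair the server never issued, and a token for "session-A".
function demo() {
  const unissued = "f".repeat(64) + "." + "f".repeat(64);
  const t = signedToken("session-A");
  return {
    naiveAcceptsUnissued: naiveVerify(unissued, unissued),
    signedRejectsUnissued: signedVerify("session-A", unissued, unissued),
    signedAcceptsOwn: signedVerify("session-A", t, t),
    signedRejectsOtherSession: signedVerify("session-B", t, t),
  };
}
console.log(demo());
```

The naive check passes for any matching pair, while the signed check cannot run at all without a value for `sessionId`, which is the constraint described in the issue.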
