Skip to content

feat: Support CSRF token retrieval from header "X-CSRF-Token" #422

New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom
Merged
timriley merged 3 commits into from
Nov 7, 2025
Merged

feat: Support CSRF token retrieval from header "X-CSRF-Token" #422

timriley merged 3 commits into from
Nov 7, 2025

Conversation

@masterT
Copy link
Contributor

@masterT masterT commented Apr 1, 2023
edited
Loading

Retrieve the request CSRF token from the HTTP header X-CSRF-Token in the case the params _csrf_token is not provided.

Reference:

masterT
masterT commented Apr 1, 2023
View reviewed changes
lib/hanami/action/csrf_protection.rb
#
# Override this method, for custom handling of the request token retrieval.
#
# @since 2.X.X
Copy link
Contributor Author

@masterT masterT Apr 1, 2023
edited
Loading

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

What should the version be?

Copy link

@krzykamil krzykamil Oct 18, 2025

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

This is planned for 2.3.0

@timriley
Copy link
Member

timriley commented Apr 3, 2023
edited
Loading

Thanks for putting this together, @masterT! However, rather than leave this as a hook inside actions for users to override, I'd prefer we just fully build in support for checking the header for the CSRF token in addition to the request's params.

Would you like to have a go at doing that?

@masterT
Copy link
Contributor Author

masterT commented Apr 3, 2023

Sure, I will craft something.

@masterT masterT changed the title feat: Support custom CSRF token retrieval. feat: Support CSRF token retrieval from header "X-CSRF-Token" Apr 4, 2023
@masterT
Copy link
Contributor Author

masterT commented Apr 4, 2023

I did implement your suggestion, this is ready for review. 🙂 @timriley

@timriley timriley moved this to Todo in Hanami 2.3 Sep 9, 2025
@krzykamil krzykamil moved this from Todo to In Progress in Hanami 2.3 Oct 18, 2025
krzykamil
krzykamil approved these changes Oct 18, 2025
View reviewed changes
Copy link

@krzykamil krzykamil left a comment

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

LGTM :)

@timriley timriley force-pushed the feature-custom-csrf-token-retrieval branch from 184fa47 to 32f467d Compare November 7, 2025 00:00
@timriley
Copy link
Member

timriley commented Nov 7, 2025

Thanks again for this feature, @masterT! Your second round of changes looks perfect, and I'll be very happy for us to release this with Hanami 2.3 next week :)

@timriley timriley merged commit f302a79 into hanami:main Nov 7, 2025
7 checks passed
@github-project-automation github-project-automation bot moved this from In Progress to Done in Hanami 2.3 Nov 7, 2025
@timriley timriley mentioned this pull request Nov 13, 2025
Closed
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment

Reviewers

@krzykamil krzykamil krzykamil approved these changes

Assignees

No one assigned

Labels

None yet

Projects

Hanami 2.3
Status: Done

Milestone

No milestone

Development

Successfully merging this pull request may close these issues.

3 participants

@masterT @timriley @krzykamil