This repository has been archived by the owner on Jan 24, 2021. It is now read-only.

Disabled Csrf hook by default #989

Merged
merged 1 commit into from
Feb 17, 2013

Conversation

grumpydev
Member

As we have a mix of people using Nancy for views and services,
and as creating the Csrf cookie is very expensive and validation
of it requires manual work anyway, having it running automatically
on every request is wasteful, and is especially harmful with clients
that don't store the cookie (so it gets regenerated every request).

Enabling it is just a single line in the bootstrapper app startup:

Csrf.Enable(pipelines);

grumpydev added a commit that referenced this pull request Feb 17, 2013
grumpydev merged commit d51187e into NancyFx:master Feb 17, 2013
grumpydev deleted the CsrfSwitchOff branch April 7, 2014 09:17
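
What opting back in looks like for an application that serves HTML forms, as an added example that is not code from this pull request or from the Nancy repository: the bootstrapper enables the hook with the line quoted above, and a module performs the manual validation the description mentions. The class names, route, and view name are hypothetical, and the `Nancy.TinyIoc` namespace and the `Get[...]`/`Post[...]` route syntax assume a Nancy 0.x/1.x release (older releases expose the container under `TinyIoC`).

```csharp
using Nancy;
using Nancy.Bootstrapper;
using Nancy.Security;
using Nancy.TinyIoc; // assumption: older Nancy releases use "using TinyIoC;"

// Hypothetical bootstrapper: with the hook off by default, apps that render
// forms must enable it explicitly at startup.
public class SiteBootstrapper : DefaultNancyBootstrapper
{
    protected override void ApplicationStartup(TinyIoCContainer container, IPipelines pipelines)
    {
        base.ApplicationStartup(container, pipelines);

        // The single line from the pull request description.
        Csrf.Enable(pipelines);
    }
}

// Hypothetical module: enabling the hook only issues the cookie;
// each state-changing route still has to validate the token itself.
public class TransferModule : NancyModule
{
    public TransferModule()
    {
        // Assumption: the "transfer" view embeds the token in its form,
        // e.g. via @Html.AntiForgeryToken() when using the Razor view engine.
        Get["/transfer"] = _ => View["transfer"];

        Post["/transfer"] = _ =>
        {
            try
            {
                // Compares the token submitted with the form against the cookie.
                this.ValidateCsrfToken();
            }
            catch (CsrfValidationException)
            {
                // Reject the request instead of processing the state change.
                return HttpStatusCode.Forbidden;
            }

            return "Transfer accepted";
        };
    }
}
```

Service-only applications that never render forms can leave the hook disabled, which is the default after this change.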