Replies: 3 comments 4 replies
-
|
Has this been implemented yet? |
Beta Was this translation helpful? Give feedback.
-
|
For anyone who'd came across this question next-auth/packages/core/src/lib/index.ts Line 190 in 8b38d32 |
Beta Was this translation helpful? Give feedback.
-
|
@MasterLambaster Any chance you could include an example of how to use this? |
Beta Was this translation helpful? Give feedback.
-
|
@henricook It's an option that you have to pass to the const authConfig = {
providers: [
GitHubProvider({
clientId: process.env.GITHUB_ID,
clientSecret: process.env.GITHUB_SECRET,
}),
],
skipCSRFCheck: true,
};
export default async function handler(req, res) {
const { nextauth, provider, ...rest } = req.query
req.query = { nextauth: [nextauth, provider], ...rest }
return await NextAuth(req, res, authConfig)
} |
Beta Was this translation helpful? Give feedback.
-
|
Is this released? I'm using next-auth 4.22.1 and skipCSRFCheck is not in it |
Beta Was this translation helpful? Give feedback.
-
|
it's been a year and its still on beta not released yet. It has many breaking changes though |
Beta Was this translation helpful? Give feedback.
-
|
any update on this |
Beta Was this translation helpful? Give feedback.
-
Description 📓
Currently it's not possible to use next-auth without a CSRF token. This makes it impossible to use your next-auth powered API outside a next app. CSRF token's are only used for web app requests bc their point is to protect against XSS attacks.
How to reproduce ☕️
Try to submit an api request without an CSRF token.
Contributing 🙌🏽
Yes, I am willing to help implement this feature in a PR
Beta Was this translation helpful? Give feedback.
All reactions