to Magnolia User Mailing List
Hello, I am using Magnolia as a headless CMS. I have a separate frontend app that makes requests to a Magnolia REST API. Now what I'd like to know is how one should implement CSRF protection in this scenario. I've read the docs about filters but I'm still not sure how to get this working. Storing and sending the tokens from my frontend app is not an issue, so what I essentially need to know is how to generate a token once a user logs in via my REST endpoint. Afterwards, how would I check whether the tokens included in requests to my API are valid or not? I was thinking of generating them myself, then setting up a custom filter that would check whether these tokens are valid (so basically what CsrfSessionTokenFilter does).
NOTE: I have not exactly played around with the config of the aforementioned CSRF filters, so this might be trivial to implement out of the box. Instead I tried playing around with a RestCsrfPreventionFilter (ended up breaking the whole app; cookies were not exactly working when using it).
Roman Kovařík
Mar 7, 2024, 5:44:46 AM
to Magnolia User Mailing List, patrik....@servermechanics.cz
You might try to remove the bypass. AFAIK, the flow should be as follows: GET requests should generate the token into a "csrf" cookie, which is supposed to be sent in the following POST requests as a "csrf" parameter.
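The cookie-plus-parameter flow described in the reply, modelled as a small filter in front of a REST handler. This is an added example written for this thread; it is not Magnolia code, not the CsrfSessionTokenFilter or RestCsrfPreventionFilter mentioned above, and not code from either poster. The `Request`/`Response` classes, the `csrf_filter` and `issue_token` functions, the session identifier and the server secret are all assumptions made for the example. It goes one step beyond the plain double-submit pattern: the token is an HMAC over the session id and a random nonce, so a cookie value that was merely planted on the browser (same value in cookie and parameter, but never issued for this session) is rejected as well.

```python
import hashlib
import hmac
import secrets
from dataclasses import dataclass, field
from typing import Callable, Dict, Optional

# Names follow the reply: a "csrf" cookie, echoed back as a "csrf" parameter.
COOKIE_NAME = "csrf"
PARAM_NAME = "csrf"
SAFE_METHODS = {"GET", "HEAD", "OPTIONS"}


@dataclass
class Request:
    """Minimal stand-in for the servlet request (constructed for this example)."""
    method: str
    session_id: str
    cookies: Dict[str, str] = field(default_factory=dict)
    params: Dict[str, str] = field(default_factory=dict)


@dataclass
class Response:
    status: int = 200
    body: str = ""
    set_cookies: Dict[str, str] = field(default_factory=dict)


def issue_token(server_secret: bytes, session_id: str) -> str:
    """Random nonce plus HMAC over (session id, nonce), keyed with a server secret.

    Binding the token to the session is an assumption beyond the bare double-submit
    pattern; it means a matching cookie/parameter pair is only accepted if the
    server itself issued the value for this session.
    """
    nonce = secrets.token_hex(16)
    mac = hmac.new(server_secret, f"{session_id}:{nonce}".encode(), hashlib.sha256).hexdigest()
    return f"{nonce}.{mac}"


def token_is_valid(server_secret: bytes, session_id: str, token: Optional[str]) -> bool:
    """Recompute the MAC for this session and compare it in constant time."""
    if not token or "." not in token:
        return False
    nonce, mac = token.split(".", 1)
    expected = hmac.new(server_secret, f"{session_id}:{nonce}".encode(), hashlib.sha256).hexdigest()
    return hmac.compare_digest(expected, mac)


def csrf_filter(req: Request, server_secret: bytes,
                handler: Callable[[Request], Response]) -> Response:
    """Safe methods pass through and get a valid "csrf" cookie set if they lack one.

    State-changing methods must carry the cookie and the parameter, the two must be
    equal, and the value must have been issued for the current session.
    """
    if req.method in SAFE_METHODS:
        resp = handler(req)
        if not token_is_valid(server_secret, req.session_id, req.cookies.get(COOKIE_NAME)):
            resp.set_cookies[COOKIE_NAME] = issue_token(server_secret, req.session_id)
        return resp

    cookie = req.cookies.get(COOKIE_NAME)
    param = req.params.get(PARAM_NAME)
    if cookie is None or param is None:
        return Response(403, "missing csrf token")
    # Constant-time comparison on bytes, so non-ASCII input cannot raise a TypeError.
    if not hmac.compare_digest(cookie.encode(), param.encode()):
        return Response(403, "csrf token mismatch")
    if not token_is_valid(server_secret, req.session_id, cookie):
        return Response(403, "csrf token not issued for this session")
    return handler(req)


def _ok_handler(req: Request) -> Response:
    return Response(200, f"{req.method} handled")


def demo() -> Dict[str, int]:
    """Run the flow with a constructed secret and session; returns the status per case."""
    secret = secrets.token_bytes(32)  # constructed; in a deployment this is server configuration
    sid = "session-abc"               # constructed session identifier

    # 1. The frontend's GET (e.g. right after login) receives the cookie.
    first = csrf_filter(Request("GET", sid), secret, _ok_handler)
    token = first.set_cookies[COOKIE_NAME]
    # 2. The frontend echoes the cookie value as the "csrf" parameter on POST.
    good = csrf_filter(Request("POST", sid, {COOKIE_NAME: token}, {PARAM_NAME: token}), secret, _ok_handler)
    # 3. A cross-site POST: the browser attaches the cookie, but the page cannot read it, so no parameter.
    no_param = csrf_filter(Request("POST", sid, {COOKIE_NAME: token}), secret, _ok_handler)
    # 4. Parameter present but stale or guessed.
    mismatch = csrf_filter(Request("POST", sid, {COOKIE_NAME: token}, {PARAM_NAME: "guess"}), secret, _ok_handler)
    # 5. Planted cookie: equal in both places, but never issued for this session.
    planted = "deadbeef.0000"
    forged = csrf_filter(Request("POST", sid, {COOKIE_NAME: planted}, {PARAM_NAME: planted}), secret, _ok_handler)

    return {"get": first.status, "post_ok": good.status, "no_param": no_param.status,
            "mismatch": mismatch.status, "forged_cookie": forged.status}


if __name__ == "__main__":
    print(demo())
```

Because the separate frontend has to read the cookie and copy it into the parameter, that cookie cannot be HttpOnly; if the frontend is served from another origin, the browser also has to be allowed to send it (credentialed CORS requests), otherwise the check fails for legitimate calls in exactly the way the original poster describes.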