-
Notifications
You must be signed in to change notification settings - Fork 10
New issue
Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.
By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.
Already on GitHub? Sign in to your account
CSRF in NextJS with next-http-proxy-middleware conflict #57
Comments
Here is a request/response data regarding sending a POST request with Proxy ( failed ) and Without it ( successful ): PS: Some data has been changed to "bla bla bla" or fake tokens for security 🙏🏻 // REQUEST - No Proxy:
// REQUEST - with Proxy:
// RESPONSE - No Proxy:
// RESPONSE - with Proxy:
|
It looks like the request to |
Hi @amorey ,
The problem to be specific is that my form payload on POST request is:
and the error is get is that webform_id is null even thou it's present in the payload ! but when i remove CSRF it works just fine. It might be a conflict between CSRF and Http Proxy i guess since the data i receive in the backoffice is a Buffer! To fix this issues, Would you please @amorey give us the detailed steps on how CSRF get validated from the creating of it ? This would be super helpful ! Thanks |
Here's the code block that gets the token from the request ( Can you share a minimal example that demonstrates the error? |
Thanks @amorey, I wish i could, but it's a company project ( for a client ) and it's huge, making a minimal example would take a lot because it has multiple functionalities and packages 🙏🏻 I appreciate your help buddy 😄 |
FIX: #59 |
Hello @amorey ,
I am currently facing an issue using @edge-csrf/node-http with next-http-proxy-middleware in my Next.js 14 project. My project is connected to a Drupal CMS backend. In brief, I have a form in my Next.js project that sends a POST request to Drupal.
Everything was working fine when I was using the CSRF protection from next-auth/react. However, after implementing @edge-csrf/node-http in my custom Node.js server within my Next.js project, I receive the following response instead of the actual data (with a 400 error) when sending a POST request:
array:1 [ "{"type":"Buffer","data":_100,111,99,117,109,101,110,116,95,99,118,61,38,99,115,114,102,95,116,111,107,101,110,61,65,65,104,83,116,67,51,8" => "" ]
Is there something I might have missed adding to my proxy code, such as an @edge-csrf functionality or configuration?
All my requests passes by this proxy:
Thank you for your assist
The text was updated successfully, but these errors were encountered: