projects / pgwui_core / commit
? search:
summary | shortlog | log | commit | commitdiff | tree
(parent: 5a8cdfe) | patch
Generate new CRSF token once per session instead of per request
authorKarl O. Pinc <kop@karlpinc.com>
Tue, 27 Aug 2024 23:44:39 +0000 (18:44 -0500)
committerKarl O. Pinc <kop@karlpinc.com>
Tue, 27 Aug 2024 23:44:39 +0000 (18:44 -0500)
commit11ec99cc05925e955ecff9967080ba777f0e67d7
tree2968bccfa4843b2a4a9df33d2d1f78cb982f6a0etree | snapshot
parent5a8cdfe00ccb13c89a5556ef6a47735efc63b888commit | diff
Generate new CRSF token once per session instead of per request

It is tempting to generate the token once per request and have
multiple windows in the browser share the token via javascript's
session local storage.  But there are a number of race conditions,
including not being able to submit a new request in the interval
between the server sending a response and the browser receiving
the response.  Per-request CSRF tokens are just too much bother
for what you get.
src/pgwui_core/core.py diff | blob | history
Unnamed repository; edit this file 'description' to name the repository.