What do folks usually do for CSRF in Wasp ?
There are plenty of npm packages for CSRF protection, but wanted to make sure I check to see if there's a "waspy" way of doing it. What are other folks doing for this?
2 Replies
Hey @CondorTango ! Good question -> @Filip knows the most about this topic in our team and I remember he did some work in that direction so I would normally ask him to answer, but he is on vacation, so @miho do you have any thoughts on this?
We would certainly need to have a very good answer to this question once we reach 1.0 so I am happy to explore it here!
I can write a response a little later, but I believe @miho is actually more familiar with our custom API headers than I am anyway 😀