RPC "use server" and CSRF Attacks
I’m looking to better understand the CSRF risks associated with SolidStart, specifically regarding the use of RPC calls with the
In Next.js, when I process a form with server actions, the risk of CSRF attacks is significantly reduced for a few reasons:
1. Server actions are limited to
2. Modern browsers enforce
3. I can further enhance security by ensuring that all cookies have the
With SolidStart, using
Given this, I believe the same three points regarding CSRF risk reduction should apply to SolidStart as well.
Am I correct in my understanding? If not, what potential CSRF risks should I be aware of when using RPC calls in SolidStart?
Thank you!
Chris
"use server"In Next.js, when I process a form with server actions, the risk of CSRF attacks is significantly reduced for a few reasons:
1. Server actions are limited to
POST2. Modern browsers enforce
Same-Site3. I can further enhance security by ensuring that all cookies have the
SameSite=StrictHttpOnlySecureWith SolidStart, using
"use server"HTTP POSTGiven this, I believe the same three points regarding CSRF risk reduction should apply to SolidStart as well.
Am I correct in my understanding? If not, what potential CSRF risks should I be aware of when using RPC calls in SolidStart?
Thank you!
Chris
