How should i do auth while using createServerFn() ?
are sessions the only way ? i saw useSession() in basic-auth but i dont know what it uses under the hood.. if its cookies then how can i do csrf without adding the csrf token as param to the function every time i want to write something ?
I would like to avoid cookies because of CSRF and avoid any database writes or file system writes because I'm trying to run it on the edge with cloudflare workers.
is there a way to add a global header setting like how it is in tanstack query where i could do something like "Authorization: "Bearer <token>" ?
hope I didn't miss something in the docs, and i couldn't find it. I understand its still in beta but I would be glad to help around writing docs and stuff. current Auth page just looks like an Ad instead of useful docs.
2 Replies
other-emerald•4mo ago
useSession uses cookies yes
what would you need in terms of csrf token here?
aside from that, you can use a client middleware: https://tanstack.com/start/latest/docs/framework/react/middleware#modifying-the-client-request
genetic-orangeOP•4mo ago
always assumed cookie based auth would need a csrf token with POST requests. I guess Same-Site: strict config would do
this is all i needed. thank you for the help! 🙂
loving the framework btw. It's the best out there.
tried allmost everything now.
cant wait for it to hit v1