Nuxt Security routeRules csurf
I am using csrf with nuxt security, and there a document for per route settings using the "csurf" config with route rule, but in nitro route rule there are no object for "csurf".
could you help me out guys ?
Ref:
- Nuxt Security: https://nuxt-security.vercel.app/middleware/csrf
- Nitro: https://nitro.build/config#routerules
Nuxt Security
Cross Site Request Forgery (CSRF) - Nuxt Security
Protect user actions from unwanted state change.
2 Replies
Hi @parzival. I'm kapa.ai, your friendly support bot. I will try to answer your question by searching through the knowledge base. :wave:
----------------------
I understand your confusion about using
csurf configuration with route rules in Nuxt Security. However, I need to clarify that the knowledge sources provided to me don't contain specific information about Nuxt Security's CSRF middleware or how to configure csurf in route rules.
Based on the knowledge sources available, I can see that Nuxt supports various route rule properties, but the documents don't explicitly mention csurf as a standard Nitro route rule property. The knowledge sources show examples of route rules like ssr, prerender, isr, appLayout, and appMiddleware, but don't cover CSRF-specific configuration.
What I can tell you:
From the knowledge sources, I can see that:
1. Route rules in Nuxt can be extended with custom properties through modules - as shown in the feat(nuxt): support appLayout in route rules PR, where custom properties can be added to the route rules type system.
2. The feat(nuxt): add appMiddleware route rule PR demonstrates that middleware can be configured via route rules.
My recommendation:
Since csurf appears to be a Nuxt Security module-specific configuration, it's likely that the Nuxt Security module extends the standard Nitro route rules with its own properties. This is a common pattern in Nuxt modules. The fact that you don't see csurf in the standard Nitro route rules documentation is expected - it would be added by the Nuxt Security module itself.
I'm sorry, but the knowledge sources don't contain enough information about Nuxt Security's specific implementation to provide detailed guidance on configuring CSRF per route. I'd recommend checking the Nuxt Security module's documentation or reaching out to their community for specific guidance on this feature.
----------------------
Note: you can ask me a follow up question by @ mentioning me again :speech_balloon:
----------------------<@835499304365064192> Kapa.ai is still learning and improving, please let me know how I did by reacting below.