blob: e39c9a22af7aa46db49c3d5d6327fae717bc0afb (
plain) (
blame)
1
2
3
4
5
6
7
8
|
<tt>
<div dir="ltr">Hello group,<div><br></div><div style>I am trying to put together a CSRF middleware�<a href="https://github.com/rambocoder/stable/commit/b26980d292ac42aadfe9921a961436e28cdbb693">https://github.com/rambocoder/stable/commit/b26980d292ac42aadfe9921a961436e28cdbb693</a>�and if the body of the request contains "_csrf" token, I check to make sure it matches the csrf token in the session.</div><br>
<div style><br></div><div style>Currently I am doing it in middleware using cowboy_req:body_qs/1 however when in the handler I need to read another body parameter, such as in the rest_pastebin example:</div><div style><br><br>
</div><div style><div><span class="" style="white-space:pre"> </span>{ok, BodyQs, Req3} = cowboy_req:body_qs(Req),</div><div><span class="" style="white-space:pre"> </span>Paste = proplists:get_value(<<"paste">>, BodyQs),<br><br>
</div><div><br></div><div>cowboy_req:body_qs/1 returns [] due to the body of the request being already read�{body_state,done}<br></div><div><br></div><div style>Is it pointless to have the type of CSRF middleware that I am writing and just do the CSRF in the handler's callback, where I can deal with all the body_qs at once?</div><br>
<div style><br></div><div style>Thank you,</div><div style><br></div><div style>rambocoder</div></div></div><br>
</tt>
|