Add note about missing CSRF validation in oauth example (#2512)
This commit is contained in:
parent
9ebd105d04
commit
358f196810
1 changed files with 5 additions and 0 deletions
@ -143,6 +143,11 @@ async fn index(user: Option<User>) -> impl IntoResponse {
|
|||
}
|
||||
|
||||
async fn discord_auth(State(client): State<BasicClient>) -> impl IntoResponse {
|
||||
// TODO: this example currently doesn't validate the CSRF token during login attempts. That
|
||||
// makes it vulnerable to cross-site request forgery. If you copy code from this example make
|
||||
// sure to add a check for the CSRF token.
|
||||
//
|
||||
// Issue for adding check to this example https://github.com/tokio-rs/axum/issues/2511
|
||||
let (auth_url, _csrf_token) = client
|
||||
.authorize_url(CsrfToken::new_random)
|
||||
.add_scope(Scope::new("identify".to_string()))
|
||||
|
|
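Review bot: The new comment says to "add a check for the CSRF token" but does not say where the check belongs, and the binding `let (auth_url, _csrf_token) = client` a few lines below is precisely where the token is thrown away, so a reader copying the example still has no anchor for the fix. I would tie the comment to that line and state the missing step: `// The CsrfToken returned here is sent as the OAuth2 state parameter; persist it (e.g. in the session) and compare it with the state query parameter in the callback handler before exchanging the code.` This presumably matches how the oauth2 crate uses CsrfToken, but the callback handler is not visible in this hunk, so the exact comparison site should be confirmed there. Without that comparison the callback will accept an authorization response the server never initiated, which is the risk the note is warning about. The body of discord_auth continues past the end of the hunk.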