Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

Change CSRF-Token name #138

Open
molerat619 opened this issue Apr 3, 2020 · 0 comments
Open

Change CSRF-Token name #138

molerat619 opened this issue Apr 3, 2020 · 0 comments

Comments

@molerat619
Copy link

Hey there.

I'm working on a legacy system and need to change the name of the CSRF-Token. I have tried many different options, but nothing seems to work.

app.use(lusca({
      csrf: {
        angular: true,
        // key: 'FirstTest'
        cookie: {
          // name: 'SecondTest',
          options: {
            xsrfCookieName: 'ThirdTest',
            domain: 'www.example.de'
          }
        }
      },
      xframe: 'SAMEORIGIN',
      hsts: {
        maxAge: 31536000, //1 year, in seconds
        includeSubDomains: false,
        preload: true
      },
      xssProtection: true
    }));

No matter what I do, the cookie is still called XSRF-TOKEN.

Background: My actual problem is that I'm sharing some cookies via the subdomain so .example.de in the frontend but another application also has a XSRF-TOKEN so in my requests to my backend it uses the wrong XSRF-Token because they are called the same... That's why I've tried to set ' includeSubDomains' to false, but it didn't help.
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Assignees
No one assigned
Labels
None yet
Projects
None yet
Milestone
No milestone
Development

No branches or pull requests
1 participant
@molerat619