
Since the last version (5.2), cookies are disabled in Lumen. I'm currently making an API in Lumen with JWT authentication.

To secure my application from CSRF attacks I need to set a CSRF cookie. But what is the best way to handle that now?

Jordy

1 Answer

VerifyCsrfToken Middleware was removed in this commit.

From Lumen 5.2 documentation:

Lumen 5.2 represents a more decided shift towards focusing on stateless APIs.

So, if you need CSRF token verification, you have to implement it yourself, storing the token in a meta tag or inside the JWT payload as a private claim (you will need to implement the new claim, i.e.: here).

If it was removed, there's probably a good reason. Here I leave some links that may help you move on.

CSRF Token necessary when using Stateless(= Sessionless) Authentication?

Where to store JWT in browser? How to protect against CSRF?

https://stormpath.com/blog/where-to-store-your-jwts-cookies-vs-html5-web-storage#post-2748616172

Lucas Silva
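One way to implement the scheme the answer describes (a random CSRF value carried as a private claim inside the signed JWT, handed to the page in a meta tag, and echoed back by the client in a request header), as an added example that is not part of the original answer and not Lumen's own code. The function names, the `csrf` claim name, the `token` cookie name, the `X-CSRF-TOKEN` header and the secret are assumptions; the HS256 encoding is hand-rolled only so the script runs stand-alone, a real app would use a JWT library.

```php
<?php
// Added example, not code from the answer or from Lumen: a stateless CSRF
// check bound to the JWT. The JWT travels in a cookie, so the browser attaches
// it to cross-site requests too; the private claim "csrf" is unreadable to an
// attacker, and the client must echo it in X-CSRF-TOKEN for the request to pass.
// Names below (JWT_SECRET, cookie "token", header "X-CSRF-TOKEN") are assumed.

const JWT_SECRET = 'replace-with-32-plus-random-bytes'; // assumed shared secret

function b64url(string $data): string {
    return rtrim(strtr(base64_encode($data), '+/', '-_'), '=');
}

function b64urlDecode(string $data): string {
    $remainder = strlen($data) % 4;
    if ($remainder) {
        $data .= str_repeat('=', 4 - $remainder);
    }
    $decoded = base64_decode(strtr($data, '-_', '+/'), true);
    return $decoded === false ? '' : $decoded;
}

// Issue a token for $sub carrying a fresh random CSRF value as a private claim.
// The returned "csrf" value is what the page renders into its meta tag.
function issueToken(string $sub, int $ttl = 3600): array {
    $csrf = bin2hex(random_bytes(32));
    $header = ['typ' => 'JWT', 'alg' => 'HS256'];
    $payload = ['sub' => $sub, 'exp' => time() + $ttl, 'csrf' => $csrf];
    $signingInput = b64url(json_encode($header)) . '.' . b64url(json_encode($payload));
    $sig = hash_hmac('sha256', $signingInput, JWT_SECRET, true);
    return ['jwt' => $signingInput . '.' . b64url($sig), 'csrf' => $csrf];
}

// Verify signature, algorithm and expiry; return the payload or null.
function verifyToken(string $jwt): ?array {
    $parts = explode('.', $jwt);
    if (count($parts) !== 3) {
        return null;
    }
    [$h, $p, $s] = $parts;
    $header = json_decode(b64urlDecode($h), true);
    if (($header['alg'] ?? '') !== 'HS256') {
        return null; // pin the algorithm; never trust "none" or a key-confusion switch
    }
    $expected = hash_hmac('sha256', "$h.$p", JWT_SECRET, true);
    if (!hash_equals($expected, b64urlDecode($s))) {
        return null;
    }
    $payload = json_decode(b64urlDecode($p), true);
    if (!is_array($payload) || ($payload['exp'] ?? 0) < time()) {
        return null;
    }
    return $payload;
}

// The check a middleware would run on state-changing requests (POST/PUT/DELETE):
// the header value must equal the claim inside the signed token from the cookie.
function csrfCheck(array $cookies, array $headers): bool {
    $payload = verifyToken($cookies['token'] ?? '');
    if ($payload === null || !is_string($payload['csrf'] ?? null) || $payload['csrf'] === '') {
        return false;
    }
    $sent = $headers['X-CSRF-TOKEN'] ?? '';
    return is_string($sent) && hash_equals($payload['csrf'], $sent);
}

// Demo with constructed requests.
$issued = issueToken('user-42');

// Legitimate client: cookie sent by the browser, header filled from the meta tag.
var_dump(csrfCheck(['token' => $issued['jwt']], ['X-CSRF-TOKEN' => $issued['csrf']]));

// Cross-site forgery: the cookie is sent, but the attacker cannot read the claim.
var_dump(csrfCheck(['token' => $issued['jwt']], []));
var_dump(csrfCheck(['token' => $issued['jwt']], ['X-CSRF-TOKEN' => str_repeat('0', 64)]));

// Tampered token: changing the claim without the secret breaks the signature.
$forged = preg_replace('/^[^.]+\.[^.]+/', 'eyJhbGciOiJIUzI1NiJ9.e30', $issued['jwt']);
var_dump(csrfCheck(['token' => $forged], ['X-CSRF-TOKEN' => $issued['csrf']]));
```

Run it with `php csrf_claim.php`; in Lumen the body of `csrfCheck()` would sit in a middleware's `handle()` reading the cookie and header from the request, and only be registered for non-idempotent routes. The check is only needed when the JWT is delivered in a cookie; if the token lives in browser storage and is sent solely in an `Authorization` header by your own script, browsers never attach it to cross-site requests and the linked questions explain why a separate CSRF token is then unnecessary.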