[99s-extend] Reading body_qs multiple times

Loïc Hoguin essen at ninenines.eu
Mon Apr 15 22:47:47 CEST 2013


Why not just put the token in the URL instead? If it's CSRF then it's 
probably used only once and only for POST and the like, so not cached or 
anything.

On 04/15/2013 10:45 PM, rambocoder wrote:
> Hello group,
>
> I am trying to put together a CSRF middleware
> https://github.com/rambocoder/stable/commit/b26980d292ac42aadfe9921a961436e28cdbb693 and
> if the body of the request contains "_csrf" token, I check to make sure
> it matches the csrf token in the session.
>
> Currently I am doing it in middleware using cowboy_req:body_qs/1 however
> when in the handler I need to read another body parameter, such as in
> the rest_pastebin example:
>
> {ok, BodyQs, Req3} = cowboy_req:body_qs(Req),
> Paste = proplists:get_value(<<"paste">>, BodyQs),
>
> cowboy_req:body_qs/1 returns [] due to the body of the request being
> already read {body_state,done}
>
> Is it pointless to have the type of CSRF middleware that I am writing
> and just do the CSRF in the handler's callback, where I can deal with
> all the body_qs at once?
>
> Thank you,
>
> rambocoder


-- 
Loïc Hoguin
Erlang Cowboy
Nine Nines
http://ninenines.eu
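
The approach suggested in the reply above, as an added example that is not part of the thread or of Cowboy's own code: the middleware takes the token from the query string, so the request body stays unread for the handler. It assumes the Cowboy 0.8-era `cowboy_req` API seen in the quoted code, and a hypothetical earlier session middleware that stored the expected token under the `csrf_token` meta key.

```erlang
%% Added example. The module name and the csrf_token meta key are
%% hypothetical; the cowboy_req calls follow the tuple-returning 0.8-era API.
-module(csrf_qs_middleware).
-behaviour(cowboy_middleware).
-export([execute/2, tokens_match/2]).

execute(Req, Env) ->
    {Method, Req2} = cowboy_req:method(Req),
    case is_safe(Method) of
        true ->
            {ok, Req2, Env};
        false ->
            %% qs_val/2 parses only the URL query string. The body is not
            %% touched, so a later cowboy_req:body_qs/1 in the handler
            %% still returns the form fields (e.g. <<"paste">>).
            %% A token carried in the URL is written to access logs and can
            %% be sent in Referer headers, so keep it single-use or rotated.
            {Sent, Req3} = cowboy_req:qs_val(<<"_csrf">>, Req2),
            %% Assumption: a session middleware ran earlier and stored the
            %% expected token with cowboy_req:set_meta(csrf_token, T, Req).
            {Expected, Req4} = cowboy_req:meta(csrf_token, Req3),
            case tokens_match(Sent, Expected) of
                true  -> {ok, Req4, Env};
                false -> {error, 403, Req4}
            end
    end.

%% Methods that must not change state are passed through unchecked.
is_safe(<<"GET">>)     -> true;
is_safe(<<"HEAD">>)    -> true;
is_safe(<<"OPTIONS">>) -> true;
is_safe(_)             -> false.

%% Comparison whose running time does not depend on where the first
%% differing byte is. A missing token (undefined) or an empty one fails.
tokens_match(Sent, Expected)
  when is_binary(Sent), is_binary(Expected),
       byte_size(Expected) > 0,
       byte_size(Sent) =:= byte_size(Expected) ->
    diff(Sent, Expected, 0) =:= 0;
tokens_match(_, _) ->
    false.

diff(<<A, RestA/binary>>, <<B, RestB/binary>>, Acc) ->
    diff(RestA, RestB, Acc bor (A bxor B));
diff(<<>>, <<>>, Acc) ->
    Acc.
```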


