Is it a good practice to store a CSRF token in Redux? I was passing it with props before (to add it to Axios headers). I have a Rails back end and I am using the gem react-rails, my components are server rendered, so I did not come up with any other way of doing so but passing the CSRF token to the component.
Is it a good practice adding the CSRF token in Redux store?
1.2k Views Asked by Gotey At
It's fine to store the token in your Redux store.
The purpose of the token is to prevent other sites/origins from making non-GET (POST, PUT, DELETE) requests to your API. Without it, a malicious site could make the request and piggyback on the cookies and session stored in your browser. In a plain HTML server-rendered Rails app, this token is put directly into the HTML, making it available to any JavaScript on that page. So, it's not private information for any code on the pages you control.
Nonetheless, given its global nature and that you might need it outside of the context of Redux, it's probably best to put it on window for anyone to use:

Any time you call fetch, you can include these headers:

Since you're using react-rails, you can also pass it to your component as props:

If you're not relying on Rails sessions for authentication (with a Bearer token, for instance), you can also disable the CSRF token entirely with this line in your ApplicationController:
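An added example, not code from the answer above: one way to read the token Rails renders with `csrf_meta_tags` and attach it as the `X-CSRF-Token` header. It goes slightly beyond the answer by sending the token only on non-GET requests to the page's own origin, so it is never sent to a third-party URL. The helper names (`csrfTokenFrom`, `withCsrf`), the origin, and the token value are assumptions constructed for illustration.

```javascript
// Added example: helper names (csrfTokenFrom, withCsrf) are hypothetical.
const SAFE_METHODS = new Set(["GET", "HEAD", "OPTIONS"]);

// Rails' csrf_meta_tags helper renders <meta name="csrf-token" content="...">.
function csrfTokenFrom(doc) {
  const meta = doc.querySelector('meta[name="csrf-token"]');
  return meta ? meta.getAttribute("content") : null;
}

// Returns fetch() options with X-CSRF-Token added only when it is needed:
// a state-changing method AND a URL on the page's own origin.
function withCsrf(url, init = {}, { token, pageOrigin }) {
  const method = (init.method || "GET").toUpperCase();
  const headers = { ...(init.headers || {}) };
  const sameOrigin = new URL(url, pageOrigin).origin === pageOrigin;
  if (token && sameOrigin && !SAFE_METHODS.has(method)) {
    headers["X-CSRF-Token"] = token;
  }
  return { ...init, method, headers };
}

// Constructed stand-in for `document` so the example runs outside a browser.
const fakeDocument = {
  querySelector: (sel) =>
    sel === 'meta[name="csrf-token"]'
      ? { getAttribute: () => "constructed-token-123" }
      : null,
};

// Constructed context; in a browser use document and window.location.origin.
const ctx = {
  token: csrfTokenFrom(fakeDocument),
  pageOrigin: "https://app.example.test",
};

// In a browser: fetch(url, withCsrf(url, init, ctx))
const samePost = withCsrf("/posts", { method: "post" }, ctx);
const sameGet = withCsrf("/posts", {}, ctx);
const crossPost = withCsrf(
  "https://other.example.test/hook",
  { method: "POST" },
  ctx
);
```
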