Is it a good practice to store a CSRF token in redux? I was passing it with props before (to add it to Axios headers). I have a rails back end and I am using the gem react-rails, my components are server rendered, so I did not come up with any other way of doing so but passing the CSRF token to the component.
Is it a good practice adding the CSRF token in redux store?
1.2k Views Asked by Gotey At
There is 1 best solution below
It's fine to store the token in your Redux store.
The purpose of the token is to prevent other sites/origins from making non-GET (POST, PUT, DELETE) requests to your API. Without it, a malicious site could make the request and piggyback on the cookies and session stored in your browser. In a plain HTML server-rendered Rails app, this token is put directly into the HTML, making it available to any JavaScript on that page. So, it's not private information for any code on the pages you control.
Nonetheless, given its global nature and that you might need it outside of the context of Redux, it's probably best to put it on `window` for anyone to use:
Any time you call `fetch`, you can include these headers:
Since you're using `react-rails`, you can also pass it to your component as props:
If you're not relying on Rails sessions for authentication (with a Bearer token, for instance), you can also disable the CSRF token entirely with this line in your `ApplicationController`:
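
As an added example that is not part of the original answer: one way to keep the token out of Redux is a `fetch` wrapper that reads it from the page and attaches it only to state-changing, same-origin requests, so it is never sent to another origin. It assumes the layout renders Rails' `csrf_meta_tags` (a `<meta name="csrf-token">` tag) and that the server checks the `X-CSRF-Token` header; `readCsrfToken`, `needsCsrfToken`, `makeCsrfFetch` and `window.csrfFetch` are hypothetical names.

```javascript
// Added example: CSRF header injection limited to unsafe, same-origin requests.
// Assumes Rails' csrf_meta_tags output (<meta name="csrf-token" content="...">)
// and Rails' X-CSRF-Token request header. Function names are hypothetical.

const SAFE_METHODS = new Set(["GET", "HEAD", "OPTIONS"]);

// Read the token from the server-rendered meta tag; null if it is absent.
function readCsrfToken(doc) {
  const meta = doc.querySelector('meta[name="csrf-token"]');
  return meta && meta.content ? meta.content : null;
}

// Decide whether a request should carry the token.
function needsCsrfToken(method, url, pageOrigin) {
  const verb = (method || "GET").toUpperCase();
  if (SAFE_METHODS.has(verb)) return false;
  // Resolve relative URLs against the page; never send the token cross-origin.
  return new URL(url, pageOrigin).origin === pageOrigin;
}

// Build a fetch wrapper bound to a document, page origin and fetch implementation.
function makeCsrfFetch(doc, pageOrigin, fetchImpl) {
  return function csrfFetch(url, options = {}) {
    const headers = { ...(options.headers || {}) };
    if (needsCsrfToken(options.method, url, pageOrigin)) {
      const token = readCsrfToken(doc);
      // Fail loudly instead of sending an unprotected write the server will reject.
      if (!token) throw new Error("CSRF token meta tag not found");
      headers["X-CSRF-Token"] = token;
    }
    return fetchImpl(url, { credentials: "same-origin", ...options, headers });
  };
}

// Browser wiring (skipped when run outside a browser, e.g. under Node).
if (typeof window !== "undefined" && typeof document !== "undefined") {
  window.csrfFetch = makeCsrfFetch(
    document, window.location.origin, window.fetch.bind(window));
}
```

Reading the tag on every call, rather than caching the value in a store, also picks up a token that the server re-rendered after a new session was issued.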