how to add csrf protection on the api router handler
Unanswered
Black carp posted this in #help-forum
Black carp (OP)
How are you guys adding csrf to your router handler in nextjs?
3 Replies
@Black carp How are you guys adding csrf to your router handler in nextjs?
you don't need csrf protection if you just use json for form submissions
1. this needs csrf protection:
<form action="/api/form" method="post">
...
</form>
2. this does not need csrf protection because it's not vulnerable to csrf attacks:
<form onSubmit={async () => {
await fetch("/api/form", ...);
}}>
...
</form>
3. this is vulnerable to csrf attacks but nextjs already handles the csrf protection for you automatically
<form action={async () => {
"use server";
// ...
}}>
...
</form>
since we are in react land, it's very unlikely you are using method 1. if you are using methods 2 and 3, there is nothing you need to do.
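For case 1 above (a plain `<form method="post">` posting to `/api/form`), one way a route handler can refuse cross-site submissions is to check the browser-set `Sec-Fetch-Site` and `Origin` headers before doing any work. This is an added example, not code from the thread or from Next.js; `csrfRejection`, `sample` and the `app.example` / `other.example` hosts are made-up names.

```javascript
// Added example, not from the thread. Plain JS using the Fetch API's Headers class.
const SAFE_METHODS = new Set(["GET", "HEAD", "OPTIONS"]);
// Content types an HTML <form> can send without any JavaScript.
const FORM_TYPES = new Set([
  "application/x-www-form-urlencoded",
  "multipart/form-data",
  "text/plain",
]);

// Returns null if the request may proceed, otherwise the reason it is refused.
function csrfRejection(request) {
  if (SAFE_METHODS.has(request.method)) return null;
  const h = request.headers;

  // Browsers set Sec-Fetch-Site themselves; page script cannot override it.
  const site = h.get("sec-fetch-site");
  if (site && site !== "same-origin" && site !== "none") return "cross-site request";

  // Assumption: X-Forwarded-Host is only set by a reverse proxy you control.
  const host = h.get("x-forwarded-host") || h.get("host");
  const origin = h.get("origin");
  if (origin) {
    let originHost;
    try { originHost = new URL(origin).host; } catch { return "malformed Origin"; }
    return originHost === host ? null : "Origin does not match Host";
  }

  // Neither header present: refuse bodies that a bare <form> could have produced.
  const type = (h.get("content-type") || "").split(";")[0].trim().toLowerCase();
  return !site && FORM_TYPES.has(type) ? "form content type without Origin" : null;
}

// Hypothetical wiring: in app/api/form/route.js this would be `export async function POST`.
async function POST(request) {
  const reason = csrfRejection(request);
  if (reason) return new Response(reason, { status: 403 });
  return new Response("ok"); // real form handling goes here
}

// Constructed sample requests (hosts are placeholders).
const sample = (method, headers) => ({ method, headers: new Headers(headers) });
const samples = [
  sample("POST", { host: "app.example", origin: "https://app.example", "content-type": "application/json" }),
  sample("POST", { host: "app.example", origin: "https://other.example", "content-type": "application/x-www-form-urlencoded" }),
  sample("POST", { host: "app.example", "content-type": "multipart/form-data; boundary=x" }),
];
for (const s of samples) console.log(csrfRejection(s) ?? "allowed");
```
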