Giter Site home page Giter Site logo

Comments (4)

dougwilson avatar dougwilson commented on March 29, 2024

Pull request to add documentation welcome 👍

from csurf.

dougwilson avatar dougwilson commented on March 29, 2024

I took a look to just add it myself and it's already there in the README.

Since the request is to document it and it's already documented, I'm going to close the issue. If you would like it documented differently, that's OK and you can help us understand why you don't think it's currently documented and how it can be better (I usually suggest making a PR in this case, as usually that is the most straight forward way to get your thoughts across).

from csurf.

adon-at-work avatar adon-at-work commented on March 29, 2024

I guess you're referring to the last bullet, which sends the user to http://expressjs.com/en/4x/api.html#res.cookie

When set to an object, cookie storage of the secret is enabled and the object contains options for this functionality (when set to true, the defaults for the options are used). The options may contain any of the following keys:

  • key - the name of the cookie to use to store the token secret (defaults to '_csrf').
  • path - the path of the cookie (defaults to '/').
  • any other res.cookie option can be set.

That's pretty indirect and obscure to me at least. One has to visit doc of expressjs, then click thru to cookie-parser before knowing that req.secret is the location. I'm trying to get a consent before raising a PR (i guess it's easy for anyone to do that)

p.s. path is however in this README despite it's part of the "other res.cookie option"

from csurf.

dougwilson avatar dougwilson commented on March 29, 2024

You already have consent to make a PR to add whatever documentation you think would be helpful 👍 The only ones documented here directly and the ones in which the default values differ from res.cookie (because this module contains code to override them). Since it just uses the same underlying code, it used to get out of sync constantly, so it just sends the users to a link, which is why it's that way currently, as a user make a PR suggesting that was better than a out-of-date copy-paste.

If you have thoughts / ideas on how it should be and if we're going to copy-and-paste parts of other documentation what the method will be to keep it updated over time I'm all ears 👍 the doc is the way that someone came by and suggested, and I don't care either way, haha. Whatever is most useful to folks.

from csurf.

Related Issues (20)

Recommend Projects

  • React photo React

    A declarative, efficient, and flexible JavaScript library for building user interfaces.

  • Vue.js photo Vue.js

    🖖 Vue.js is a progressive, incrementally-adoptable JavaScript framework for building UI on the web.

  • Typescript photo Typescript

    TypeScript is a superset of JavaScript that compiles to clean JavaScript output.

  • TensorFlow photo TensorFlow

    An Open Source Machine Learning Framework for Everyone

  • Django photo Django

    The Web framework for perfectionists with deadlines.

  • D3 photo D3

    Bring data to life with SVG, Canvas and HTML. 📊📈🎉

Recommend Topics

  • javascript

    JavaScript (JS) is a lightweight interpreted programming language with first-class functions.

  • web

    Some thing interesting about web. New door for the world.

  • server

    A server is a program made to process requests and deliver data to clients.

  • Machine learning

    Machine learning is a way of modeling and interpreting data that allows a piece of software to respond intelligently.

  • Game

    Some thing interesting about game, make everyone happy.

Recommend Org

  • Facebook photo Facebook

    We are working to build community through open source technology. NB: members must have two-factor auth.

  • Microsoft photo Microsoft

    Open source projects and samples from Microsoft.

  • Google photo Google

    Google ❤️ Open Source for everyone.

  • D3 photo D3

    Data-Driven Documents codes.