07. Cross-Site Request Forgery/01. CSRF Setup (🏁 solution)

CSRF Setup

πŸ‘¨β€πŸ’Ό Great! You should now be able to get that cookie value set in the browser's "cookie jar." You can verify this by opening the browser's developer tools and looking at the cookies for the page under the "Application" tab. The cookie will be called "csrf" and have a value that looks like a bunch of nonsense like:
IjdDa3p6WkV1d3NNel&nev3r&60nna&gIv3&yoU&uP&UW0zYmxDMDNyRjQi.NM71601wmCvZ%2FZaGIG6wV%2FuX%2FvGafzDEAmamK1hNu88
And while you can't visually verify it, that (unsigned) token value is in the browser as well. You can check by executing this in the console (note that this will only work when viewing the app in a separate tab, else it will look for the token at the wrong port):
__remixContext.state.loaderData.root.csrfToken
Which should get you something like this:
7Ck&Nev3r&60nna&1et&yoU&d0wn&UOfQm3blC03rF4
So the next step is to get that into our form and verify it to prove that the form was submitted using our app and not some other site. Let's go!
← PreviousNext β†’
Edit on GitHub
problemsolutiondiffchat
Login to get access to the exclusive discord channel.
  • πŸ”­foundations
    πŸ’Ύdata
    general
    πŸ“forms
    πŸ”auth
    Thank you for the inspiration
    Binalfew πŸš€ 🌌:
    <@105755735731781632> I wanted to thank you for the incredible knowledge I gained from your Epic Web...
    • ❀️1
     1 Β· 3 days ago
  • general
    Welcome to EpicWeb.dev! Say Hello πŸ‘‹
    Kent C. Dodds β—† πŸš€πŸ†πŸŒŒ:
    This is the first post of many hopefully!
    • 18
     81 Β· 2 months ago
  • general
    npm install everytime I setup a new playground
    Duki 🌌:
    Is it normal that I have to run `npm install` in my playground directory, everytime I setup the play...
    • βœ…1
     2 Β· 2 months ago
  • πŸ“forms
    Review - Professional Web Forms
    Baghira 🌌:
    So I finished the second workshop last week. I wnated to digest and let some timepast before I wante...
    • βœ…1
     1 Β· 3 months ago
  • πŸ’Ύdata
    πŸ“forms
    πŸ”­foundations
    Reviewing foundations, Mutations, Actions
    silvanet πŸš€ 🌌:
    Forgive me for this. I went over the file size limit. I don't want to sign up for being able to exce...
    • βœ…1
     2 Β· 8 months ago
  • general
    Migration to Vite: Server-only module referenced by client
    Fabian 🌌:
    Hi, I'm working on migrating to Vite following the remix docs (https://remix.run/docs/en/main/guides...
    • βœ…1
     1 Β· 5 months ago
  • πŸ’Ύdata
    πŸ“forms
    Getting a TS error that is not present in the course files
    OtterlyPunk:
    So I'm working in parallel and I'm feeling the problem is I'm using a new version of something in my...
    • βœ…2
     12 Β· 9 months ago
  • general
    Remix Vite Plugin
    Binalfew πŸš€ 🌌:
    <@105755735731781632> Now that remix officially supports vite (though not stable) what does it mean...
    • βœ…1
     3 Β· a year ago
  • general
    πŸ”­foundations
    Solutions video on localhost:5639 ?
    quang πŸš€ 🌌:
    Hi, so I'm having a hard time navigating (hopefully will be better with time) The nav on epicweb.de...
    • βœ…1
     9 Β· a year ago
  • πŸ“forms
    Loading into disk
    DiogoVaz 🌌:
    I am going through the File Upload section and I completely understand the benefits of loading the a...
    • βœ…1
     2 Β· 6 months ago
  • general
    Epicshop is now social and mobile friendly!
    Kent C. Dodds β—† πŸš€πŸ†πŸŒŒ:
    I'm excited to announce that now the Epic Web workshops are mobile friendly! https://foundations.ep...
    • πŸŽ‰2
     0 Β· 7 months ago
  • πŸ’Ύdata
    πŸ“forms
    πŸ”­foundations
    How can I do this?
    silvanet πŸš€ 🌌:
    Viewing the Intro (from the Workshop) for Mutations, the course has an embedded video where Kent exp...
    • βœ…1
     3 Β· 8 months ago
  • πŸ’Ύdata
    general
    πŸ“forms
    πŸ”­foundations
    double underscore?
    trendaaang 🌌:
    What with the `__note-editor.tsx`? I don't see that in the Remix docs and I don't remember Kent talk...
    • βœ…1
     2 Β· 8 months ago
  • πŸ“forms
    Unable to start the playground
    Payapula πŸš€ 🌌:
    Today morning I have updated the workshop for web-form - https://github.com/epicweb-dev/web-forms/co...
    • βœ…1
     16 Β· 9 months ago
  • πŸ”­foundations
    πŸ’Ύdata
    general
    πŸ“forms
    πŸ”auth
    Native Logging
    trendaaang 🌌:
    I was thinking that it could be useful to log every CRUD operation to help track down errors. Is tha...
    • βœ…1
     6 Β· 9 months ago
  • πŸ“forms
    File upload `unstable_parseMultipartFormData` vs `File`
    QzCurious 🌌 πŸš€:
    I'd like to ask why we want to use `unstable_parseMultipartFormData` at first place? It seems to me ...
    • βœ…1
     8 Β· 9 months ago
  • πŸ“forms
    Purpose of conform.fieldset() in the excercise
    blue_cat_blues 🌌 πŸš€:
    In the solution for Web forms 05/01 (complex structures/ nested objects) there is a call to `conform...
    • βœ…1
     4 Β· 9 months ago