07. Cross-Site Request Forgery/01. CSRF Setup (πŸ’ͺ problem)

CSRF Setup

πŸ‘¨β€πŸ’Ό We've got to get some things set up with the remix-utils CSRF utilities before we can actually start protecting our forms. We'll dive deeper into cookies in the Web Auth workshop later, but you do need to set a signed cookie in the user's browser so you can use Remix's createCookie to help with that.
import { createCookie } from '@remix-run/node'

const cookie = createCookie('csrf', {
	path: '/',
	httpOnly: true,
	secure: process.env.NODE_ENV === 'production',
	sameSite: 'lax',
	secrets: process.env.SESSION_SECRET.split(','),
})
🐨 Go ahead and stick that in
app/utils/csrf.server.ts
.
You'll notice we're using another environment variable. 🐨 You'll need to set that up like we did with the HONEYPOT_SECRET earlier.
Feel free to read the Remix docs all about cookies if you want to learn more about these options, but we'll get to this stuff in more depth in the Web Auth workshop.
🐨 Once you have the cookie object created, you can use that to create a CSRF utility;
import { CSRF } from 'remix-utils/csrf/server'

// ...

export const csrf = new CSRF({ cookie })
Now, we need to get the user's unique token in our UI for our forms and in the user's cookie so we can validate it on the server. We'll do that in
app/root.tsx
. 🐨 See you there!
← PreviousNext β†’
Edit on GitHub
problemsolutiondiffchat

Please set the playground first

Loading "CSRF Setup"
Loading "CSRF Setup"
Login to get access to the exclusive discord channel.
  • general
    epic stack website initial load at home page is unstyled (sometimes)
    osmancakir πŸš€ 🌌:
    Sometimes (especially when it is loaded first time on a new browser etc.) I see this unstyled versio...
    • βœ…1
     10 Β· 3 months ago
  • general
    Welcome to EpicWeb.dev! Say Hello πŸ‘‹
    Kent C. Dodds β—† πŸš€πŸ†πŸŒŒ:
    This is the first post of many hopefully!
    • 18
     86 Β· 2 years ago
  • general
    Resource / Api endpoints on epic stack / RR7
    Lucas Wargha πŸš€ 🌌:
    Hi everyone! Quick question for those using the Epic Stack: How are you handling resource routes ...
    • βœ…1
     2 Β· 2 months ago
  • general
    Epic stack using tanstack form
    Lucas Wargha πŸš€ 🌌:
    https://github.com/epicweb-dev/epic-stack/compare/epicweb-dev:main...wargha:feature/tanstack-form-ex...
    • βœ…1
     3 Β· 2 months ago
  • general
    Init command outdated on the EpicWeb website
    Virgile πŸ† 🌌:
    Hi everyone. I've initialized a new epic-stack project yesterday. Following instructions from http...
    • βœ…1
     3 Β· 2 months ago
  • general
    Mark as complete, resets the first time you click it.
    Daniel V.C πŸš€ 🌌:
    Not sure if anyone else has had this issue, as i've not seen anyone else talk about it, but I find ...
    • βœ…1
     8 Β· 2 months ago
  • πŸ’Ύdata
    general
    πŸ“forms
    πŸ”­foundations
    double underscore?
    trendaaang 🌌:
    What with the `__note-editor.tsx`? I don't see that in the Remix docs and I don't remember Kent talk...
    • βœ…1
     2 Β· a year ago
  • general
    Keeping Epic Stack Projects Free on Fly – Any Tips?
    Lucas Wargha πŸš€ 🌌:
    I’ve been experimenting with the Epic Stack and deploying some dummy projects on Fly. I noticed that...
    • βœ…1
     0 Β· 3 months ago
  • πŸ“forms
    Schema Validation- Native HTML Validation?
    edpau πŸš€:
    I just finished Schema Validation, 03. Conform form utils, I disabled JavaScript, removed the conten...
    • βœ…1
     2 Β· 4 months ago
  • πŸ’Ύdata
    general
    πŸ“forms
    πŸ”­foundations
    Creating Notes
    Scott 🌌 πŸ†:
    Does anybody know in what workshop we create notes? I would like to see the routing structure. So fa...
    • βœ…1
     2 Β· 5 months ago
  • πŸ”­foundations
    πŸ’Ύdata
    general
    πŸ“forms
    πŸ”auth
    Thank you for the inspiration
    Binalfew πŸš€ 🌌:
    <@105755735731781632> I wanted to thank you for the incredible knowledge I gained from your Epic Web...
    • ❀️1
     1 Β· 5 months ago
  • general
    npm install everytime I setup a new playground
    Duki 🌌:
    Is it normal that I have to run `npm install` in my playground directory, everytime I setup the play...
    • βœ…1
     2 Β· 7 months ago
  • πŸ“forms
    Review - Professional Web Forms
    Baghira 🌌:
    So I finished the second workshop last week. I wnated to digest and let some timepast before I wante...
    • βœ…1
     1 Β· 8 months ago
  • πŸ’Ύdata
    πŸ“forms
    πŸ”­foundations
    Reviewing foundations, Mutations, Actions
    silvanet πŸš€ 🌌:
    Forgive me for this. I went over the file size limit. I don't want to sign up for being able to exce...
    • βœ…1
     2 Β· a year ago
  • general
    Migration to Vite: Server-only module referenced by client
    Fabian 🌌:
    Hi, I'm working on migrating to Vite following the remix docs (https://remix.run/docs/en/main/guides...
    • βœ…1
     1 Β· 10 months ago
  • πŸ’Ύdata
    πŸ“forms
    Getting a TS error that is not present in the course files
    OtterlyPunk:
    So I'm working in parallel and I'm feeling the problem is I'm using a new version of something in my...
    • βœ…2
     12 Β· a year ago
  • general
    Remix Vite Plugin
    Binalfew πŸš€ 🌌:
    <@105755735731781632> Now that remix officially supports vite (though not stable) what does it mean...
    • βœ…1
     3 Β· 2 years ago
  • general
    πŸ”­foundations
    Solutions video on localhost:5639 ?
    quang πŸš€ 🌌:
    Hi, so I'm having a hard time navigating (hopefully will be better with time) The nav on epicweb.de...
    • βœ…1
     9 Β· 2 years ago
  • πŸ“forms
    Loading into disk
    DiogoVaz 🌌:
    I am going through the File Upload section and I completely understand the benefits of loading the a...
    • βœ…1
     2 Β· a year ago
  • general
    Epicshop is now social and mobile friendly!
    Kent C. Dodds β—† πŸš€πŸ†πŸŒŒ:
    I'm excited to announce that now the Epic Web workshops are mobile friendly! https://foundations.ep...
    • πŸŽ‰2
     0 Β· a year ago
  • πŸ’Ύdata
    πŸ“forms
    πŸ”­foundations
    How can I do this?
    silvanet πŸš€ 🌌:
    Viewing the Intro (from the Workshop) for Mutations, the course has an embedded video where Kent exp...
    • βœ…1
     3 Β· a year ago