Skip to content

fix: csrf protection not working in iframe and certain environments#147

Merged
jakeprins merged 1 commit into
mainfrom
fix_csrf_3
Jun 22, 2026
Merged

fix: csrf protection not working in iframe and certain environments#147
jakeprins merged 1 commit into
mainfrom
fix_csrf_3

Conversation

@jonaslagoni

Copy link
Copy Markdown
Contributor

Because of session storage, there are cases where it will not work for certain customers.

We could just check if sessionStorage is available, if not dont use csrf protection, but technically storing and checking the nonce is not required. We just use it as a feature flag in a sense.

@github-actions

Copy link
Copy Markdown

size-limit report 📦

Path Size
dist/react-vault.cjs.production.min.js 292.29 KB (-0.05% 🔽)
dist/react-vault.esm.js 260.83 KB (-0.06% 🔽)

@jakeprins
jakeprins merged commit 5bbf962 into main Jun 22, 2026
2 checks passed
@jakeprins
jakeprins deleted the fix_csrf_3 branch June 22, 2026 07:01
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment

Labels

None yet

Projects

None yet

Development

Successfully merging this pull request may close these issues.

2 participants