
Is CSRF enough for security when posting data to server via axios?

Posted by: admin November 26, 2021

Questions:

I use Laravel for a project. It is not a Vue SPA, so no route is used at all. The register, login and some other form inputs and outputs are made with modals using Vue. For posting the form vars, axios is used. For server-side authentication, Laravel's standard auth is used. But there is no other authentication like JWT. Should I use other auth types, or would CSRF be enough? Are there other suggestions?

Answers:

Usually for web routes the CSRF token is secure enough, or it has been so far. And it does:

  1. Check if the request is a reading request (HEAD, GET, OPTIONS).

  2. If so, skip the check. Match the token from the _token input or from the headers.

  3. Add a cookie with the token to each request.

If you are using API routes, then you can choose Laravel Passport, with which you can set up OAuth2, or you could build your own custom auth middleware using JWT tokens.
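
The check described in the answer above, modelled in JavaScript as an added example; it is not part of the original answer and not Laravel's own code. The names `verifyCsrf`, `tokensMatch`, the request and session shapes and the sample token are assumptions made for illustration.

```javascript
// Added illustration, not Laravel's source. verifyCsrf, tokensMatch and the
// req/session shapes are hypothetical; the cookie is left unencrypted here.
const READ_METHODS = new Set(['HEAD', 'GET', 'OPTIONS']);

// Compare without an early exit so timing does not reveal how many characters matched.
function tokensMatch(expected, supplied) {
  if (typeof expected !== 'string' || typeof supplied !== 'string') return false;
  if (expected.length !== supplied.length) return false;
  let diff = 0;
  for (let i = 0; i < expected.length; i++) {
    diff |= expected.charCodeAt(i) ^ supplied.charCodeAt(i);
  }
  return diff === 0;
}

// req: { method, body, headers } with lower-cased header names; session: { token }
function verifyCsrf(req, session) {
  const isRead = READ_METHODS.has(String(req.method).toUpperCase());
  // Reading requests skip the check; everything else must carry the session
  // token in the _token form field or in the X-CSRF-TOKEN header.
  const body = req.body || {};
  const headers = req.headers || {};
  const supplied = body._token !== undefined ? body._token : headers['x-csrf-token'];
  const allowed = isRead || tokensMatch(session.token, supplied);
  // Accepted requests get the token back as a cookie for the client to echo.
  const setCookie = allowed ? `XSRF-TOKEN=${session.token}; Path=/` : null;
  return { allowed, setCookie };
}

// Constructed sample data: one session and four requests.
const session = { token: 'constructed-sample-token-0123456789' };
const samples = {
  readNoToken: { method: 'GET', headers: {} },
  postFormToken: { method: 'POST', body: { _token: session.token }, headers: {} },
  postHeaderToken: { method: 'POST', body: {}, headers: { 'x-csrf-token': session.token } },
  postWithoutToken: { method: 'POST', body: { email: 'a@example.test' }, headers: {} },
};

function runSamples() {
  const out = {};
  for (const [name, req] of Object.entries(samples)) {
    out[name] = verifyCsrf(req, session).allowed;
  }
  return out;
}

console.log(runSamples());
```

In the setup from the question, the axios POST would carry the token either as the `_token` form field or as the `X-CSRF-TOKEN` header.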