i integrate next-csrf into my site which i build in nextjs but i am facing this issue

Question

i integrate next-csrf into my site which i build in nextjs but i am facing this issue

satishktak1988 opened this issue 4 years ago · 14 comments

satishktak1988 commented 4 years ago

Answer 1 · 2021-01-05T06:23:41.000Z

can any one let me know whats the issue

Answer 2 · 2021-01-14T11:13:44.000Z

yeah same issue, this package doesnt work.

Answer 3 · 2021-01-28T07:14:14.000Z

same issue

Answer 4 · 2021-02-14T23:50:15.000Z

same issue

Answer 5 · 2021-03-09T01:57:36.000Z

same issue, any solution?

Answer 6 · 2021-03-10T12:55:51.000Z

same issue

Answer 7 · 2021-03-13T11:03:06.000Z

@0lv3r4 any news about it ?

Answer 8 · 2021-04-13T09:30:19.000Z

Same issue, no hints toward a solution?

Answer 9 · 2021-04-13T09:37:31.000Z

Same issue, no hints toward a solution?

I did use another solution. I get csrf funtion from next-auth pkg.

Answer 10 · 2021-05-28T08:59:13.000Z

it's epic lol ))) the same issue. Guys, you are proposing to use your lib but it doesn't work

Answer 11 · 2021-06-15T12:00:26.000Z

I am not using this library anymore, but this issue can be fixed by applying these patches to your fork and then running npm run build

diff --git a/rollup.config.js b/rollup.config.js
index 1bb0b45..b0ed382 100644
--- a/rollup.config.js
+++ b/rollup.config.js
@@ -13,6 +13,6 @@ export default [
             { file: pkg.module, format: "es" },
         ],
         plugins: [typescript(), commonjs(), resolve(), analyze()],
-        external: ["crypto"],
+        external: ["crypto", "util"],
     },
 ];
diff --git a/src/middleware/csrf.test.ts b/src/middleware/csrf.test.ts
index 5a1c663..9eee9e0 100644
--- a/src/middleware/csrf.test.ts
+++ b/src/middleware/csrf.test.ts
@@ -30,7 +30,8 @@ describe("csrf middleware", () => {
       csrf((req: NextApiRequest, res: NextApiResponse) => {
         return res.status(200).json({ message: "Hello, world." });
       }),
-      apiPreviewPropsMock
+      apiPreviewPropsMock,
+      true
     );
   };

Answer 12 · 2021-06-15T15:44:50.000Z

Hey all. Sorry, I haven't had time to fix this, but I will test @sushantdhiman's solution and apply it soon (I hope today).

But as an alternative, you can use the CSRF function from https://next-auth.js.org/ just like @kriscannabis mentioned.

Answer 13 · 2021-06-18T07:26:58.000Z

Getting this error as well. I was able to sort of fix it.

When trying to build I get a warning for circular dependencies in util

(!) Circular dependencies node_modules\assert\node_modules\util\util.js -> node_modules\assert\node_modules\inherits\inherits.js -> node_modules\assert\node_modules\util\util.js node_modules\assert\node_modules\util\util.js -> node_modules\assert\node_modules\inherits\inherits.js -> C:/Users/jkngsly/Desktop/next-csrf/next-csrf/node_modules/assert/node_modules/util/util.js?commonjs-proxy -> node_modules\assert\node_modules\util\util.js created dist/next-csrf.js, dist/next-csrf.esm.js in 3s

webpack/webpack#1019 (comment)
To quote @jhnns:
"Yep, it's a circular dependency. util uses console.log() which triggers webpack to include console-browserify which requires assert which requires util → voilà :)"

So I commented out the following:

node_modules/util/utils.js line 546
console.log('%s - %s', timestamp(), exports.format.apply(exports, arguments));

After running npm run build again and the circular-dependencies error was gone, I copied dist/next-csrf.js into my project, imported, and ran it successfully.

Answer 14 · 2021-06-22T19:26:11.000Z

Getting the same issue as above.