kemalcr/kemal-csrf

Allowed Routes

crisward opened this issue · 1 comments

I need to allow specific routes to skip past a csrf check. This is for callbacks from a payment gateway.

I plan to add an allowed_routes array to the config object. What do you think?
e.g.

add_handler CSRF.new(
  header: "X_CSRF_TOKEN",
  allowed_methods: ["GET", "HEAD", "OPTIONS", "TRACE"],
  parameter_name: "_csrf",
  error: "CSRF Error",
  allowed_routes: ["/api/confirm_payment"]
)

If there is already a way to do this that I'm not aware of, I'd be happy to hear it. Thanks.

This is definitely needed 👍
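
An added sketch of how the proposed `allowed_routes` option could be evaluated, written for this page and not taken from kemal-csrf. The helper `csrf_check_required?` and the sample requests are hypothetical; the option values are copied from the config in the issue. It exempts a route only on an exact path match, so look-alike paths still go through the token check.

```crystal
# Added example; not kemal-csrf's code. `csrf_check_required?` is a
# hypothetical helper. Option values are copied from the config in the issue.
ALLOWED_METHODS = ["GET", "HEAD", "OPTIONS", "TRACE"]
ALLOWED_ROUTES  = ["/api/confirm_payment"]

# Returns true when the CSRF token must be verified. An exemption applies only
# when the path is exactly equal to a listed route, so prefixes, sub-paths and
# percent-encoded variants all fall through to the normal check (fail closed).
def csrf_check_required?(method : String, path : String,
                         allowed_methods = ALLOWED_METHODS,
                         allowed_routes = ALLOWED_ROUTES) : Bool
  return false if allowed_methods.includes?(method.upcase)
  # Compare the path only; a query string must not change the decision.
  bare = path.partition('?')[0]
  !allowed_routes.includes?(bare)
end

# Constructed sample requests: {method, path, token check expected?}
samples = [
  {"GET", "/account", false},                       # safe method
  {"POST", "/api/confirm_payment", false},          # listed route
  {"POST", "/api/confirm_payment?order=42", false}, # listed route plus query
  {"POST", "/api/confirm_payment/refund", true},    # sub-path, not listed
  {"POST", "/api/confirm_payment_admin", true},     # shares a prefix only
  {"POST", "/api/%63onfirm_payment", true},         # encoded variant
  {"POST", "/account/transfer", true},              # ordinary protected route
]

samples.each do |(method, path, expected)|
  got = csrf_check_required?(method, path)
  raise "unexpected result for #{method} #{path}" unless got == expected
  puts "#{method.ljust(5)} #{path.ljust(32)} verify_token=#{got}"
end
```

A route exempted this way has no CSRF protection at all, so the callback handler has to authenticate the payment gateway by some other means.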