Level 80
@tnort Follow Sanctum’s example and request a CSRF token from the server, and then submit that token as part of the form. The form will only be handled if it is submitted alongside a valid CSRF token, then.
May 16, 2024
8
Level 4
How to handle a basic token with Vue spa?
Hi,
I looked at the available resources and got confused and wanted to get some expert advice if possible.
I have a Vue page with a form on it. The page is public and acts as a landing page. When the user submits the form it should be sent to a protected endpoint which is basic token protected.
So how would I securely store and pass the token as part of the request?
Looking at the options I cannot find a secure solution for handling the tokens :(
Level 4
@martinbean, ok the CSRF token makes sense but I don't think I need it. I am worried about the basic token that I need to store/get from somewhere and pass it as part of the request to authenticate the endpoint.
Level 80
@tnort I have no idea what you mean by “basic token”.
Level 4
@martinbean, authentication basic token, the one which is composed of username:password.
Level 80
@tnort And where do you get this token from? As I have no idea how your application works or authenticates users.
Level 4
@martinbean assuming I can read it from the env file. The problem is there is a protected route which needs that token. I am worried that it's not safe to send the token directly from the vue component.
Level 80
@tnort Why is a user authentication token in an .env file? That makes no sense. You don’t want to be sending anything from your .env file to the client side.
Level 4
@martinbean, I am not sending anything to the client, I inherited an API which is Basic Token Protected, thus when I submit a form I need to post the user inputs to that endpoint.
Please or to participate in this conversation.