Skip to content

Implementar CSRF protection middleware #93

Open
Open
Implementar CSRF protection middleware#93
Labels
area: coreCore do frameworkphase: 4Fase 4 - Featurespriority: mediumMedia prioridadetype: securitySeguranca

Description

@MarcosBrendonDePaula
MarcosBrendonDePaula
opened on Mar 14, 2026

Problema

Nao ha protecao CSRF implementada. Live Components e formularios estao vulneraveis a CSRF attacks.

Solucao

  1. Criar middleware de CSRF token (generate + validate)
  2. Endpoint GET /__csrf para obter token
  3. Validar token em requests POST/PUT/DELETE via header X-CSRF-Token
  4. SameSite cookie enforcement
  5. Integrar com Live Components (enviar token no handshake WebSocket)

Esforco Estimado

3-5 dias

Metadata

Metadata

Assignees

No one assigned

    Labels

    area: coreCore do frameworkphase: 4Fase 4 - Featurespriority: mediumMedia prioridadetype: securitySeguranca

    Type

    No type

    Fields

    No fields configured for issues without a type.

    Projects

    No projects

    Milestone

    No milestone

    Relationships

    None yet

    Development

    No branches or pull requests

    Issue actions