0xpolygon / chain-indexer-framework Goto Github PK

The library inserts the X-XSRF-TOKEN header using the secret XSRF-TOKEN cookie value in all requests to any server when the XSRF-TOKEN cookie is available, and the withCredentials setting is turned on. If a malicious user manages to obtain this value, it can potentially lead to the XSRF defence mechanism bypass.

Create an Axios instance with the following configuration, which enables cross-site request forgery (CSRF) protection by including credentials in requests:

  const instance = axios.create({
    withCredentials: true,
  });

Install the XSRF-TOKEN cookie with specific attributes. Set the cookie value "whatever" and configuring it for the "localhost" domain with strict same-site policy:

    const cookies = new Cookies();
    cookies.set("XSRF-TOKEN", "whatever", {
      domain: "localhost",
      sameSite: "strict",
    });

Initiate a cross-domain request using your Axios instance. In this example, we're making a GET request to "https://127.0.0.1/," and we handle the response and potential errors:

    instance
      .get("https://127.0.0.1")
      .then((res) => console.log(res.data))
      .catch((err) => console.error(err.message));

Code snippet

lib/adapters/xhr.js:191
const xsrfValue = (config.withCredentials || isURLSameOrigin(fullPath))

PULL Request Bug Fix #39

CWE-359: Exposure of Private Personal Information to an Unauthorized Actor
CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:L/A:N

I've been trying to run the NFT Balancer example but I am unable to see any documents being updated in the token collection. I believe there seems to be an issue on the consumer or transformer side.

As seen in the screenshot there seems to be no apps.1442.nft.transfer topic.

When saving data, is it possible to support postgresql instead of mongodb, mongodb database is expensive, I hope postgresql can be supported.