Validating CSRF tokens in Phoenix channels

I’m trying to secure a Phoenix channel with CSRF protection.

My plan was to embed <%= csrf_meta_tag() %> in the app layout template, as LiveView does it.

No problem passing the CSRF token from the client to the server via the websocket params and extracting it from the params on the Phoenix side, but now I’m a bit stuck… I can’t find an easy way to validate the CSRF token.

In the docs for the CSRF protection plug I can’t find anything that looks like a plain “validate the token” function. Did I miss something?

Thinking about switching to the easier-to-understand approach of using Phoenix.Token.sign and Phoenix.Token.verify instead, but thought I’d check here first before I do.

Thank you.

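An added example, not part of the original post: one way to do the check described above in the socket's `connect/3`, using `Plug.CSRFProtection.dump_state_from_session/1` and `Plug.CSRFProtection.valid_state_and_csrf_token?/2`. The module names (`MyAppWeb.*`), the `_csrf_token` param name and the endpoint's `@session_options` attribute are assumptions; the session key `"_csrf_token"` is Plug's default.

```elixir
# Assumed endpoint configuration, so the session reaches connect/3:
#
#   socket "/socket", MyAppWeb.UserSocket,
#     websocket: [connect_info: [session: @session_options]]
#
# Assumed client side: the token from the csrf_meta_tag() output is sent
# as the "_csrf_token" socket param.

defmodule MyAppWeb.UserSocket do
  use Phoenix.Socket

  channel "room:*", MyAppWeb.RoomChannel

  # Accept the connection only when the token sent in the socket params
  # matches the CSRF state stored in the visitor's session.
  @impl true
  def connect(
        %{"_csrf_token" => token},
        socket,
        %{session: %{"_csrf_token" => session_token}}
      )
      when is_binary(token) and is_binary(session_token) do
    # Convert the value stored in the session into the state format
    # that the validation function expects.
    state = Plug.CSRFProtection.dump_state_from_session(session_token)

    if Plug.CSRFProtection.valid_state_and_csrf_token?(state, token) do
      {:ok, socket}
    else
      :error
    end
  end

  # Missing token, missing session, or no CSRF state in the session:
  # refuse the connection instead of falling back to an unauthenticated one.
  def connect(_params, _socket, _connect_info), do: :error

  @impl true
  def id(_socket), do: nil
end
```

Phoenix documents that the `:session` entry in `connect_info` is only made available when a valid `_csrf_token` param is supplied, so the explicit comparison here repeats that check in application code and makes the rejection path visible.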