Merge pull request #201 from kouts/docs/trpc-nuxt_instructions

Baroshem · web-flow · commit ea31a62d94cc · 2023-09-05T09:29:26.000+02:00
docs: added trpc-nuxt configuration section
diff --git a/docs/content/1.getting-started/2.configuration.md b/docs/content/1.getting-started/2.configuration.md
@@ -183,3 +183,37 @@ export default defineNuxtConfig({
   },
 });
 ```
+
+## Using with tRPC Nuxt
+
+TRPC [uses `POST` requests](https://trpc.io/docs/rpc#methods---type-mapping) for the mutation endpoints. Using the CSRF protection functionality of this module with [trpc-nuxt](https://github.com/wobsoriano/trpc-nuxt) will help you protect your mutation endpoints from CSRF.
+
+In order to make the [CSRF](/security/csrf) functionality of this module work with `trpc-nuxt`, we have to add the CSRF token value into a `csrf-token` header inside the outgoing request headers in our `trpc` client.
+
+```ts
+import { createTRPCNuxtClient, httpBatchLink } from "trpc-nuxt/client";
+import type { AppRouter } from "@/server/trpc/routers";
+
+export default defineNuxtPlugin(() => {
+  const headers = useRequestHeaders();
+  const { csrf } = useCsrf();
+
+  const client = createTRPCNuxtClient<AppRouter>({
+    links: [
+      httpBatchLink({
+        // Headers are called on every request
+        headers() {
+          // Add CSRF token to request headers
+          return { ...headers, "csrf-token": csrf };
+        },
+      }),
+    ],
+  });
+
+  return {
+    provide: {
+      client,
+    },
+  };
+});
+```
