fix: added CSRF check for granting access via session authentication

2025-12-10 19:34:34 +00:00 · 2022-04-30 05:04:27 +05:00
parent d47ed6d0e8
commit b060ad1b8e
8 changed files with 37 additions and 14 deletions
--- a/api/package-lock.json
+++ b/api/package-lock.json
@@ -17,6 +17,7 @@
        "csurf": "^1.11.0",
        "express": "^4.17.1",
        "express-session": "^1.17.2",
+        "helmet": "^5.0.2",
        "joi": "^17.4.2",
        "jsonwebtoken": "^8.5.1",
        "mongoose": "^6.0.12",
@@ -4817,6 +4818,14 @@
        "node": ">=8"
      }
    },
+    "node_modules/helmet": {
+      "version": "5.0.2",
+      "resolved": "https://registry.npmjs.org/helmet/-/helmet-5.0.2.tgz",
+      "integrity": "sha512-QWlwUZZ8BtlvwYVTSDTBChGf8EOcQ2LkGMnQJxSzD1mUu8CCjXJZq/BXP8eWw4kikRnzlhtYo3lCk0ucmYA3Vg==",
+      "engines": {
+        "node": ">=12.0.0"
+      }
+    },
    "node_modules/html-encoding-sniffer": {
      "version": "2.0.1",
      "resolved": "https://registry.npmjs.org/html-encoding-sniffer/-/html-encoding-sniffer-2.0.1.tgz",
@@ -14126,6 +14135,11 @@
      "integrity": "sha512-UqBRqi4ju7T+TqGNdqAO0PaSVGsDGJUBQvk9eUWNGRY1CFGDzYhLWoM7JQEemnlvVcv/YEmc2wNW8BC24EnUsw==",
      "dev": true
    },
+    "helmet": {
+      "version": "5.0.2",
+      "resolved": "https://registry.npmjs.org/helmet/-/helmet-5.0.2.tgz",
+      "integrity": "sha512-QWlwUZZ8BtlvwYVTSDTBChGf8EOcQ2LkGMnQJxSzD1mUu8CCjXJZq/BXP8eWw4kikRnzlhtYo3lCk0ucmYA3Vg=="
+    },
    "html-encoding-sniffer": {
      "version": "2.0.1",
      "resolved": "https://registry.npmjs.org/html-encoding-sniffer/-/html-encoding-sniffer-2.0.1.tgz",