fix: added CSRF check for granting access via session authentication

2025-12-11 03:34:35 +00:00 · 2022-04-30 05:04:27 +05:00
parent d47ed6d0e8
commit b060ad1b8e
8 changed files with 37 additions and 14 deletions
--- a/api/src/routes/web/web.ts
+++ b/api/src/routes/web/web.ts
@@ -14,11 +14,6 @@ webRouter.get('/', async (_, res) => {
  return res.send('Web Build is not present')
 })

-webRouter.get('/form', function (req, res) {
-  // pass the csrfToken to the view
-  res.send({ csrfToken: req.csrfToken() })
-})
-
 webRouter.post('/login', async (req, res) => {
  const { error, value: body } = loginWebValidation(req.body)
  if (error) return res.status(400).send(error.details[0].message)