mirror of https://github.com/sasjs/server.git synced 2026-01-06 06:10:04 +00:00

chore(csrf): removed _csrf completely

Saad Jutt
2022-09-30 03:07:21 +05:00
parent fe3e5088f8
commit fda6ad6356
2 changed files with 5 additions and 7 deletions


@@ -9,17 +9,17 @@ export const generateCSRFToken = () => csrfTokens.create(secret)
export const csrfProtection: RequestHandler = (req, res, next) => {
if (req.method === 'GET') return next()
// The default value is a function that reads the token from the following locations, in order:
// req.body._csrf - typically generated by the body-parser module.
// req.query._csrf - a built-in from Express.js to read from the URL query string.
// Reads the token from the following locations, in order:
// req.body.csrf_token - typically generated by the body-parser module.
// req.query.csrf_token - a built-in from Express.js to read from the URL query string.
// req.headers['csrf-token'] - the CSRF-Token HTTP request header.
// req.headers['xsrf-token'] - the XSRF-Token HTTP request header.
// req.headers['x-csrf-token'] - the X-CSRF-Token HTTP request header.
// req.headers['x-xsrf-token'] - the X-XSRF-Token HTTP request header.
const token =
req.body?._csrf ||
req.query?._csrf ||
req.body?.csrf_token ||
req.query?.csrf_token ||
req.headers['csrf-token'] ||
req.headers['xsrf-token'] ||
req.headers['x-csrf-token'] ||