chore(release): 0.0.65

Merge pull request #156 from sasjs/fix-swagger-api-with-csrf
fix: consume swagger api with CSRF
2025-12-10 19:34:34 +00:00 · 2022-05-01 11:36:26 +00:00 · 2022-05-01 14:35:23 +03:00 · 2022-05-01 06:07:17 +05:00 · 2022-05-01 02:28:57 +05:00 · 2022-05-01 02:28:50 +05:00
15 changed files with 173 additions and 62 deletions
--- a/.github/workflows/release.yml
+++ b/.github/workflows/release.yml
@@ -8,10 +8,20 @@ on:
 jobs:
  release:
    runs-on: ubuntu-latest
+
+    strategy:
+      matrix:
+        node-version: [lts/*]
+
    steps:
      - name: Checkout
        uses: actions/checkout@v2

+      - name: Use Node.js ${{ matrix.node-version }}
+        uses: actions/setup-node@v2
+        with:
+          node-version: ${{ matrix.node-version }}
+
      - name: Install Dependencies WEB
        working-directory: ./web
        run: npm ci
--- a/CHANGELOG.md
+++ b/CHANGELOG.md
@@ -2,6 +2,40 @@

 All notable changes to this project will be documented in this file. See [standard-version](https://github.com/conventional-changelog/standard-version) for commit guidelines.

+### [0.0.65](https://github.com/sasjs/server/compare/v0.0.64...v0.0.65) (2022-05-01)
+
+
+### Bug Fixes
+
+* consume swagger api with CSRF ([5aaac24](https://github.com/sasjs/server/commit/5aaac24080362d6ce0c5d1157798a9343f40ae2a))
+
+### [0.0.64](https://github.com/sasjs/server/compare/v0.0.63...v0.0.64) (2022-04-30)
+
+
+### Bug Fixes
+
+* removed fileExists for serving web ([7b39cc0](https://github.com/sasjs/server/commit/7b39cc06d358f5ffecb87955040c4eb0fcc7469e))
+
+### [0.0.63](https://github.com/sasjs/server/compare/v0.0.62...v0.0.63) (2022-04-30)
+
+### [0.0.62](https://github.com/sasjs/server/compare/v0.0.61...v0.0.62) (2022-04-30)
+
+### [0.0.61](https://github.com/sasjs/server/compare/v0.0.59...v0.0.61) (2022-04-30)
+
+
+### Bug Fixes
+
+* added CSRF check for granting access via session authentication ([b060ad1](https://github.com/sasjs/server/commit/b060ad1b8e0bbc61c20dc25be553bba4cc4d2716))
+* setting CSRF Token for only rendering SPA ([b4b60c6](https://github.com/sasjs/server/commit/b4b60c69cf67a42f4797f7f1afe68b7a5eec2998))
+
+### [0.0.60](https://github.com/sasjs/server/compare/v0.0.59...v0.0.60) (2022-04-30)
+
+
+### Bug Fixes
+
+* added CSRF check for granting access via session authentication ([b060ad1](https://github.com/sasjs/server/commit/b060ad1b8e0bbc61c20dc25be553bba4cc4d2716))
+* setting CSRF Token for only rendering SPA ([b4b60c6](https://github.com/sasjs/server/commit/b4b60c69cf67a42f4797f7f1afe68b7a5eec2998))
+
 ### [0.0.59](https://github.com/sasjs/server/compare/v0.0.58...v0.0.59) (2022-04-29)


--- a/api/package-lock.json
+++ b/api/package-lock.json
@@ -17,13 +17,14 @@
        "csurf": "^1.11.0",
        "express": "^4.17.1",
        "express-session": "^1.17.2",
+        "helmet": "^5.0.2",
        "joi": "^17.4.2",
        "jsonwebtoken": "^8.5.1",
        "mongoose": "^6.0.12",
        "mongoose-sequence": "^5.3.1",
        "morgan": "^1.10.0",
        "multer": "^1.4.3",
-        "swagger-ui-express": "^4.1.6"
+        "swagger-ui-express": "4.3.0"
      },
      "bin": {
        "api": "build/src/server.js"
@@ -48,7 +49,7 @@
        "jest": "^27.0.6",
        "mongodb-memory-server": "^8.0.0",
        "nodemon": "^2.0.7",
-        "pkg": "5.5.2",
+        "pkg": "5.6.0",
        "prettier": "^2.3.1",
        "rimraf": "^3.0.2",
        "supertest": "^6.1.3",
@@ -4817,6 +4818,14 @@
        "node": ">=8"
      }
    },
+    "node_modules/helmet": {
+      "version": "5.0.2",
+      "resolved": "https://registry.npmjs.org/helmet/-/helmet-5.0.2.tgz",
+      "integrity": "sha512-QWlwUZZ8BtlvwYVTSDTBChGf8EOcQ2LkGMnQJxSzD1mUu8CCjXJZq/BXP8eWw4kikRnzlhtYo3lCk0ucmYA3Vg==",
+      "engines": {
+        "node": ">=12.0.0"
+      }
+    },
    "node_modules/html-encoding-sniffer": {
      "version": "2.0.1",
      "resolved": "https://registry.npmjs.org/html-encoding-sniffer/-/html-encoding-sniffer-2.0.1.tgz",
@@ -8161,9 +8170,9 @@
      }
    },
    "node_modules/pkg": {
-      "version": "5.5.2",
-      "resolved": "https://registry.npmjs.org/pkg/-/pkg-5.5.2.tgz",
-      "integrity": "sha512-pD0UB2ud01C6pVv2wpGsTYJrXI/bnvGRYvMLd44wFzA1p+A2jrlTGFPAYa7YEYzmitXhx23PqalaG1eUEnSwcA==",
+      "version": "5.6.0",
+      "resolved": "https://registry.npmjs.org/pkg/-/pkg-5.6.0.tgz",
+      "integrity": "sha512-mHrAVSQWmHA41RnUmRpC7pK9lNnMfdA16CF3cqOI22a8LZxOQzF7M8YWtA2nfs+d7I0MTDXOtkDsAsFXeCpYjg==",
      "dev": true,
      "dependencies": {
        "@babel/parser": "7.16.2",
@@ -8175,7 +8184,7 @@
        "into-stream": "^6.0.0",
        "minimist": "^1.2.5",
        "multistream": "^4.1.0",
-        "pkg-fetch": "3.2.6",
+        "pkg-fetch": "3.3.0",
        "prebuild-install": "6.1.4",
        "progress": "^2.0.3",
        "resolve": "^1.20.0",
@@ -8207,9 +8216,9 @@
      }
    },
    "node_modules/pkg-fetch": {
-      "version": "3.2.6",
-      "resolved": "https://registry.npmjs.org/pkg-fetch/-/pkg-fetch-3.2.6.tgz",
-      "integrity": "sha512-Q8fx6SIT022g0cdSE4Axv/xpfHeltspo2gg1KsWRinLQZOTRRAtOOaEFghA1F3jJ8FVsh8hGrL/Pb6Ea5XHIFw==",
+      "version": "3.3.0",
+      "resolved": "https://registry.npmjs.org/pkg-fetch/-/pkg-fetch-3.3.0.tgz",
+      "integrity": "sha512-xJnIZ1KP+8rNN+VLafwu4tEeV4m8IkFBDdCFqmAJz9K1aiXEtbARmdbEe6HlXWGSVuShSHjFXpfkKRkDBQ5kiA==",
      "dev": true,
      "dependencies": {
        "chalk": "^4.1.2",
@@ -8266,9 +8275,9 @@
      }
    },
    "node_modules/pkg-fetch/node_modules/semver": {
-      "version": "7.3.5",
-      "resolved": "https://registry.npmjs.org/semver/-/semver-7.3.5.tgz",
-      "integrity": "sha512-PoeGJYh8HK4BTO/a9Tf6ZG3veo/A7ZVsYrSA6J8ny9nb3B1VrpkuN+z9OE5wfE5p6H4LchYZsegiQgbJD94ZFQ==",
+      "version": "7.3.7",
+      "resolved": "https://registry.npmjs.org/semver/-/semver-7.3.7.tgz",
+      "integrity": "sha512-QlYTucUYOews+WeEujDoEGziz4K6c47V/Bd+LjSSYcA94p+DmINdf7ncaUinThfvZyu13lN9OY1XDxt8C0Tw0g==",
      "dev": true,
      "dependencies": {
        "lru-cache": "^6.0.0"
@@ -9425,11 +9434,11 @@
      "integrity": "sha512-WvfPSfAAMlE/sKS6YkW47nX/hA7StmhYnAHc6wWCXNL0oclwLj6UXv0hQCkLnDgvebi0MEV40SJJpVjKUgH1IQ=="
    },
    "node_modules/swagger-ui-express": {
-      "version": "4.2.0",
-      "resolved": "https://registry.npmjs.org/swagger-ui-express/-/swagger-ui-express-4.2.0.tgz",
-      "integrity": "sha512-znrHTwh9UpvsjqgWopA4noIet7mi7UGuIYZ465YfUDKQ5Dpas0jxnkfUKCo+0aB17YCBv26AhIjiQYDV4uvJFA==",
+      "version": "4.3.0",
+      "resolved": "https://registry.npmjs.org/swagger-ui-express/-/swagger-ui-express-4.3.0.tgz",
+      "integrity": "sha512-jN46SEEe9EoXa3ZgZoKgnSF6z0w3tnM1yqhO4Y+Q4iZVc8JOQB960EZpIAz6rNROrDApVDwcMHR0mhlnc/5Omw==",
      "dependencies": {
-        "swagger-ui-dist": ">3.52.5"
+        "swagger-ui-dist": ">=4.1.3"
      },
      "engines": {
        "node": ">= v0.10.32"
@@ -14126,6 +14135,11 @@
      "integrity": "sha512-UqBRqi4ju7T+TqGNdqAO0PaSVGsDGJUBQvk9eUWNGRY1CFGDzYhLWoM7JQEemnlvVcv/YEmc2wNW8BC24EnUsw==",
      "dev": true
    },
+    "helmet": {
+      "version": "5.0.2",
+      "resolved": "https://registry.npmjs.org/helmet/-/helmet-5.0.2.tgz",
+      "integrity": "sha512-QWlwUZZ8BtlvwYVTSDTBChGf8EOcQ2LkGMnQJxSzD1mUu8CCjXJZq/BXP8eWw4kikRnzlhtYo3lCk0ucmYA3Vg=="
+    },
    "html-encoding-sniffer": {
      "version": "2.0.1",
      "resolved": "https://registry.npmjs.org/html-encoding-sniffer/-/html-encoding-sniffer-2.0.1.tgz",
@@ -16635,9 +16649,9 @@
      }
    },
    "pkg": {
-      "version": "5.5.2",
-      "resolved": "https://registry.npmjs.org/pkg/-/pkg-5.5.2.tgz",
-      "integrity": "sha512-pD0UB2ud01C6pVv2wpGsTYJrXI/bnvGRYvMLd44wFzA1p+A2jrlTGFPAYa7YEYzmitXhx23PqalaG1eUEnSwcA==",
+      "version": "5.6.0",
+      "resolved": "https://registry.npmjs.org/pkg/-/pkg-5.6.0.tgz",
+      "integrity": "sha512-mHrAVSQWmHA41RnUmRpC7pK9lNnMfdA16CF3cqOI22a8LZxOQzF7M8YWtA2nfs+d7I0MTDXOtkDsAsFXeCpYjg==",
      "dev": true,
      "requires": {
        "@babel/parser": "7.16.2",
@@ -16649,7 +16663,7 @@
        "into-stream": "^6.0.0",
        "minimist": "^1.2.5",
        "multistream": "^4.1.0",
-        "pkg-fetch": "3.2.6",
+        "pkg-fetch": "3.3.0",
        "prebuild-install": "6.1.4",
        "progress": "^2.0.3",
        "resolve": "^1.20.0",
@@ -16706,9 +16720,9 @@
      }
    },
    "pkg-fetch": {
-      "version": "3.2.6",
-      "resolved": "https://registry.npmjs.org/pkg-fetch/-/pkg-fetch-3.2.6.tgz",
-      "integrity": "sha512-Q8fx6SIT022g0cdSE4Axv/xpfHeltspo2gg1KsWRinLQZOTRRAtOOaEFghA1F3jJ8FVsh8hGrL/Pb6Ea5XHIFw==",
+      "version": "3.3.0",
+      "resolved": "https://registry.npmjs.org/pkg-fetch/-/pkg-fetch-3.3.0.tgz",
+      "integrity": "sha512-xJnIZ1KP+8rNN+VLafwu4tEeV4m8IkFBDdCFqmAJz9K1aiXEtbARmdbEe6HlXWGSVuShSHjFXpfkKRkDBQ5kiA==",
      "dev": true,
      "requires": {
        "chalk": "^4.1.2",
@@ -16750,9 +16764,9 @@
          "dev": true
        },
        "semver": {
-          "version": "7.3.5",
-          "resolved": "https://registry.npmjs.org/semver/-/semver-7.3.5.tgz",
-          "integrity": "sha512-PoeGJYh8HK4BTO/a9Tf6ZG3veo/A7ZVsYrSA6J8ny9nb3B1VrpkuN+z9OE5wfE5p6H4LchYZsegiQgbJD94ZFQ==",
+          "version": "7.3.7",
+          "resolved": "https://registry.npmjs.org/semver/-/semver-7.3.7.tgz",
+          "integrity": "sha512-QlYTucUYOews+WeEujDoEGziz4K6c47V/Bd+LjSSYcA94p+DmINdf7ncaUinThfvZyu13lN9OY1XDxt8C0Tw0g==",
          "dev": true,
          "requires": {
            "lru-cache": "^6.0.0"
@@ -17587,11 +17601,11 @@
      "integrity": "sha512-WvfPSfAAMlE/sKS6YkW47nX/hA7StmhYnAHc6wWCXNL0oclwLj6UXv0hQCkLnDgvebi0MEV40SJJpVjKUgH1IQ=="
    },
    "swagger-ui-express": {
-      "version": "4.2.0",
-      "resolved": "https://registry.npmjs.org/swagger-ui-express/-/swagger-ui-express-4.2.0.tgz",
-      "integrity": "sha512-znrHTwh9UpvsjqgWopA4noIet7mi7UGuIYZ465YfUDKQ5Dpas0jxnkfUKCo+0aB17YCBv26AhIjiQYDV4uvJFA==",
+      "version": "4.3.0",
+      "resolved": "https://registry.npmjs.org/swagger-ui-express/-/swagger-ui-express-4.3.0.tgz",
+      "integrity": "sha512-jN46SEEe9EoXa3ZgZoKgnSF6z0w3tnM1yqhO4Y+Q4iZVc8JOQB960EZpIAz6rNROrDApVDwcMHR0mhlnc/5Omw==",
      "requires": {
-        "swagger-ui-dist": ">3.52.5"
+        "swagger-ui-dist": ">=4.1.3"
      }
    },
    "symbol-tree": {
--- a/api/package.json
+++ b/api/package.json
@@ -56,13 +56,14 @@
    "csurf": "^1.11.0",
    "express": "^4.17.1",
    "express-session": "^1.17.2",
+    "helmet": "^5.0.2",
    "joi": "^17.4.2",
    "jsonwebtoken": "^8.5.1",
    "mongoose": "^6.0.12",
    "mongoose-sequence": "^5.3.1",
    "morgan": "^1.10.0",
    "multer": "^1.4.3",
-    "swagger-ui-express": "^4.1.6"
+    "swagger-ui-express": "4.3.0"
  },
  "devDependencies": {
    "@types/bcryptjs": "^2.4.2",
@@ -84,7 +85,7 @@
    "jest": "^27.0.6",
    "mongodb-memory-server": "^8.0.0",
    "nodemon": "^2.0.7",
-    "pkg": "5.5.2",
+    "pkg": "5.6.0",
    "prettier": "^2.3.1",
    "rimraf": "^3.0.2",
    "supertest": "^6.1.3",
--- a/api/public/swagger.yaml
+++ b/api/public/swagger.yaml
@@ -465,6 +465,21 @@ info:
        name: '4GL Ltd'
 openapi: 3.0.0
 paths:
+    /:
+        get:
+            operationId: Home
+            responses:
+                '200':
+                    description: Ok
+                    content:
+                        application/json:
+                            schema:
+                                type: string
+            summary: 'Render index.html'
+            tags:
+                - Web
+            security: []
+            parameters: []
    /login:
        post:
            operationId: Login
--- a/api/src/app.ts
+++ b/api/src/app.ts
@@ -7,6 +7,7 @@ import morgan from 'morgan'
 import cookieParser from 'cookie-parser'
 import dotenv from 'dotenv'
 import cors from 'cors'
+import helmet from 'helmet'

 import {
  connectDB,
@@ -37,6 +38,11 @@ export const cookieOptions = {
 ***********************************/
 export const csrfProtection = csrf({ cookie: cookieOptions })

+/***********************************
+ *   Handle security and origin    *
+ ***********************************/
+app.use(helmet())
+
 /***********************************
 *         Enabling CORS           *
 ***********************************/
--- a/api/src/controllers/web.ts
+++ b/api/src/controllers/web.ts
@@ -1,10 +1,23 @@
+import path from 'path'
 import express from 'express'
 import { Request, Route, Tags, Post, Body, Get } from 'tsoa'
+import { readFile } from '@sasjs/utils'
+
 import User from '../model/User'
+import { getWebBuildFolderPath } from '../utils'

@Route('/')
@Tags('Web')
 export class WebController {
+  /**
+   * @summary Render index.html
+   *
+   */
+  @Get('/')
+  public async home(@Request() req: express.Request) {
+    return home(req)
+  }
+
  /**
   * @summary Accept a valid username/password
   *
@@ -31,6 +44,19 @@ export class WebController {
  }
 }

+const home = async (req: express.Request) => {
+  const indexHtmlPath = path.join(getWebBuildFolderPath(), 'index.html')
+
+  // Attention! Cannot use fileExists here,
+  // due to limitation after building executable
+  const content = await readFile(indexHtmlPath)
+
+  req.res?.cookie('XSRF-TOKEN', req.csrfToken())
+  req.res?.setHeader('Content-Type', 'text/html')
+
+  return content
+}
+
 const login = async (
  req: express.Request,
  { username, password }: LoginPayload
--- a/api/src/middlewares/authenticateToken.ts
+++ b/api/src/middlewares/authenticateToken.ts
@@ -1,11 +1,16 @@
 import jwt from 'jsonwebtoken'
+import { csrfProtection } from '../app'
 import { verifyTokenInDB } from '../utils'

 export const authenticateAccessToken = (req: any, res: any, next: any) => {
+  // if request is coming from web and has valid session
+  // we can validate the request and check for CSRF Token
  if (req.session?.loggedIn) {
    req.user = req.session.user
-    return next()
+
+    return csrfProtection(req, res, next)
  }
+
  authenticateToken(
    req,
    res,
--- a/api/src/routes/api/index.ts
+++ b/api/src/routes/api/index.ts
@@ -36,12 +36,22 @@ router.use('/group', desktopRestrict, groupRouter)
 router.use('/stp', authenticateAccessToken, stpRouter)
 router.use('/code', authenticateAccessToken, codeRouter)
 router.use('/user', desktopRestrict, userRouter)
+
 router.use(
  '/',
  swaggerUi.serve,
  swaggerUi.setup(undefined, {
    swaggerOptions: {
-      url: '/swagger.yaml'
+      url: '/swagger.yaml',
+      requestInterceptor: (request: any) => {
+        request.credentials = 'include'
+
+        const cookie = document.cookie
+        const startIndex = cookie.indexOf('XSRF-TOKEN')
+        const csrf = cookie.slice(startIndex + 11).split('; ')[0]
+        request.headers['X-XSRF-TOKEN'] = csrf
+        return request
+      }
    }
  })
 )
--- a/api/src/routes/web/index.ts
+++ b/api/src/routes/web/index.ts
@@ -4,6 +4,8 @@ import webRouter from './web'

 const router = express.Router()

-router.use('/', csrfProtection, webRouter)
+router.use(csrfProtection)
+
+router.use('/', webRouter)

 export default router
--- a/api/src/routes/web/web.ts
+++ b/api/src/routes/web/web.ts
@@ -1,29 +1,23 @@
-import path from 'path'
 import express from 'express'
-import { fileExists } from '@sasjs/utils'
 import { WebController } from '../../controllers/web'
-import { getWebBuildFolderPath, loginWebValidation } from '../../utils'
+import { loginWebValidation } from '../../utils'

 const webRouter = express.Router()
+const controller = new WebController()

-webRouter.get('/', async (_, res) => {
-  const indexHtmlPath = path.join(getWebBuildFolderPath(), 'index.html')
-
-  if (await fileExists(indexHtmlPath)) return res.sendFile(indexHtmlPath)
-
-  return res.send('Web Build is not present')
-})
-
-webRouter.get('/form', function (req, res) {
-  // pass the csrfToken to the view
-  res.send({ csrfToken: req.csrfToken() })
+webRouter.get('/', async (req, res) => {
+  try {
+    const response = await controller.home(req)
+    return res.send(response)
+  } catch (_) {
+    return res.send('Web Build is not present')
+  }
 })

 webRouter.post('/login', async (req, res) => {
  const { error, value: body } = loginWebValidation(req.body)
  if (error) return res.status(400).send(error.details[0].message)

-  const controller = new WebController()
  try {
    const response = await controller.login(req, body)
    res.send(response)
@@ -33,10 +27,9 @@ webRouter.post('/login', async (req, res) => {
 })

 webRouter.get('/logout', async (req, res) => {
-  const controller = new WebController()
  try {
    await controller.logout(req)
-    res.status(200).send()
+    res.status(200).send('OK!')
  } catch (err: any) {
    res.status(400).send(err.toString())
  }
--- a/package-lock.json
+++ b/package-lock.json
@@ -1,12 +1,12 @@
 {
  "name": "server",
-  "version": "0.0.59",
+  "version": "0.0.65",
  "lockfileVersion": 2,
  "requires": true,
  "packages": {
    "": {
      "name": "server",
-      "version": "0.0.59",
+      "version": "0.0.65",
      "devDependencies": {
        "prettier": "^2.3.1",
        "standard-version": "^9.3.2"
--- a/package.json
+++ b/package.json
@@ -1,6 +1,6 @@
 {
  "name": "server",
-  "version": "0.0.59",
+  "version": "0.0.65",
  "description": "NodeJS wrapper for calling the SAS binary executable",
  "repository": "https://github.com/sasjs/server",
  "scripts": {
--- a/web/src/components/login.tsx
+++ b/web/src/components/login.tsx
@@ -10,13 +10,7 @@ const getAuthCode = async (credentials: any) =>
  axios.post('/SASjsApi/auth/authorize', credentials).then((res) => res.data)

 const login = async (payload: { username: string; password: string }) =>
-  axios.get('/form').then((res1) =>
-    axios
-      .post('/login', payload, {
-        headers: { 'csrf-token': res1.data.csrfToken }
-      })
-      .then((res2) => res2.data)
-  )
+  axios.post('/login', payload).then((res) => res.data)

 const Login = ({ getCodeOnly }: any) => {
  const location = useLocation()
--- a/web/src/context/appContext.tsx
+++ b/web/src/context/appContext.tsx
@@ -52,6 +52,7 @@ const AppContextProvider = (props: { children: ReactNode }) => {
      })
      .catch(() => {
        setLoggedIn(false)
+        axios.get('/') // get CSRF TOKEN
      })
  }, [])
Author	SHA1	Message	Date
Allan Bowe	6adeeefcf5	chore(release): 0.0.65	2022-05-01 11:36:26 +00:00
Allan Bowe	c9d66b8576	Merge pull request #156 from sasjs/fix-swagger-api-with-csrf fix: consume swagger api with CSRF	2022-05-01 14:35:23 +03:00
Saad Jutt	5aaac24080	fix: consume swagger api with CSRF	2022-05-01 06:07:17 +05:00
Saad Jutt	6d34206bbc	chore(release): 0.0.64	2022-05-01 02:28:57 +05:00
Saad Jutt	7b39cc06d3	fix: removed fileExists for serving web	2022-05-01 02:28:50 +05:00
Saad Jutt	6e7f28a6f8	chore(release): 0.0.63	2022-05-01 02:10:24 +05:00
Saad Jutt	5689169ce4	chore: syntax fix for workflow	2022-05-01 02:10:17 +05:00
Saad Jutt	6139e7bff6	chore(release): 0.0.62	2022-05-01 02:08:03 +05:00
Saad Jutt	2c77317bb9	chore: release using node LTS	2022-05-01 02:07:55 +05:00
Saad Jutt	57b63db9cb	chore(release): 0.0.61	2022-05-01 01:59:12 +05:00
Saad Jutt	60a2a4fe32	chore: bumped pkg version	2022-05-01 01:59:04 +05:00
Allan Bowe	09611cb416	chore(release): 0.0.60	2022-04-30 18:53:44 +00:00
Allan Bowe	2a9bb6e6b1	Merge pull request #155 from sasjs/api-access-via-session-authentication fix: added CSRF check for granting access via session authentication	2022-04-30 21:44:35 +03:00
Saad Jutt	b4b60c69cf	fix: setting CSRF Token for only rendering SPA	2022-04-30 06:32:24 +05:00
Saad Jutt	b060ad1b8e	fix: added CSRF check for granting access via session authentication	2022-04-30 05:04:27 +05:00