Merge pull request #114 from GeneralZero/patch-3
CSRF token to headers for AJAX POST. Fix for #113
2
app.js
2
app.js
@@ -77,7 +77,7 @@ app.use(passport.initialize());
|
|||||||
app.use(passport.session());
|
app.use(passport.session());
|
||||||
app.use(function(req, res, next) {
|
app.use(function(req, res, next) {
|
||||||
res.locals.user = req.user;
|
res.locals.user = req.user;
|
||||||
res.locals.token = req.csrfToken();
|
res.locals._csrf = req.csrfToken();
|
||||||
res.locals.secrets = secrets;
|
res.locals.secrets = secrets;
|
||||||
next();
|
next();
|
||||||
});
|
});
|
||||||
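Review bot: Renaming the locals key from `token` to `_csrf` in `res.locals._csrf = req.csrfToken();` is a breaking change for any view that still reads `token`; a stale template would render an empty hidden field and the CSRF middleware would then reject that form's POST, so a grep for `value=token` across the views before merge is worthwhile. If a transition period is wanted, keeping both names, `res.locals.token = res.locals._csrf;`, avoids that failure mode at no security cost, since both expose the same per-request value. Either way a one-line comment above the assignment, `// CSRF token, rendered into hidden _csrf inputs and the csrf-token meta tag for AJAX callers`, would make the two consumers of this value explicit. The middleware function starts and ends inside the hunk.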
|
@@ -4,7 +4,7 @@ block content
|
|||||||
.col-sm-8.col-sm-offset-2
|
.col-sm-8.col-sm-offset-2
|
||||||
form(method='POST')
|
form(method='POST')
|
||||||
legend Forgot Password
|
legend Forgot Password
|
||||||
input(type='hidden', name='_csrf', value=token)
|
input(type='hidden', name='_csrf', value=_csrf)
|
||||||
.form-group
|
.form-group
|
||||||
p Enter your email address below and we will send you password reset instructions.
|
p Enter your email address below and we will send you password reset instructions.
|
||||||
label.control-label(for='email') Email
|
label.control-label(for='email') Email
|
||||||
|
@@ -3,7 +3,7 @@ extends ../layout
|
|||||||
block content
|
block content
|
||||||
form(method='POST')
|
form(method='POST')
|
||||||
legend Sign In
|
legend Sign In
|
||||||
input(type='hidden', name='_csrf', value=token)
|
input(type='hidden', name='_csrf', value=_csrf)
|
||||||
.col-sm-8.col-sm-offset-2
|
.col-sm-8.col-sm-offset-2
|
||||||
if secrets.localAuth
|
if secrets.localAuth
|
||||||
.form-group
|
.form-group
|
||||||
@@ -37,4 +37,4 @@ block content
|
|||||||
if secrets.linkedinAuth
|
if secrets.linkedinAuth
|
||||||
a.btn.btn-block.btn-linkedin.btn-social(href='/auth/linkedin')
|
a.btn.btn-block.btn-linkedin.btn-social(href='/auth/linkedin')
|
||||||
i.fa.fa-linkedin
|
i.fa.fa-linkedin
|
||||||
| Sign in with LinkedIn
|
| Sign in with LinkedIn
|
||||||
|
@@ -5,7 +5,7 @@ block content
|
|||||||
h3 Profile Information
|
h3 Profile Information
|
||||||
|
|
||||||
form.form-horizontal(action='/account/profile', method='POST')
|
form.form-horizontal(action='/account/profile', method='POST')
|
||||||
input(type='hidden', name='_csrf', value=token)
|
input(type='hidden', name='_csrf', value=_csrf)
|
||||||
.form-group
|
.form-group
|
||||||
label.col-sm-2.control-label(for='email') Email
|
label.col-sm-2.control-label(for='email') Email
|
||||||
.col-sm-4
|
.col-sm-4
|
||||||
@@ -47,7 +47,7 @@ block content
|
|||||||
h3 Change Password
|
h3 Change Password
|
||||||
|
|
||||||
form.form-horizontal(action='/account/password', method='POST')
|
form.form-horizontal(action='/account/password', method='POST')
|
||||||
input(type='hidden', name='_csrf', value=token)
|
input(type='hidden', name='_csrf', value=_csrf)
|
||||||
.form-group
|
.form-group
|
||||||
label.col-sm-3.control-label(for='password') New Password
|
label.col-sm-3.control-label(for='password') New Password
|
||||||
.col-sm-4
|
.col-sm-4
|
||||||
|
@@ -4,7 +4,7 @@ block content
|
|||||||
.col-sm-8.col-sm-offset-2
|
.col-sm-8.col-sm-offset-2
|
||||||
form(method='POST')
|
form(method='POST')
|
||||||
legend Reset Password
|
legend Reset Password
|
||||||
input(type='hidden', name='_csrf', value=token)
|
input(type='hidden', name='_csrf', value=_csrf)
|
||||||
.form-group
|
.form-group
|
||||||
label(for='password') New Password
|
label(for='password') New Password
|
||||||
input.form-control(type='password', name='password', value='', placeholder='New password', autofocus=true)
|
input.form-control(type='password', name='password', value='', placeholder='New password', autofocus=true)
|
||||||
|
@@ -2,7 +2,7 @@ extends ../layout
|
|||||||
|
|
||||||
block content
|
block content
|
||||||
form.form-horizontal(id='signup-form', method='POST')
|
form.form-horizontal(id='signup-form', method='POST')
|
||||||
input(type='hidden', name='_csrf', value=token)
|
input(type='hidden', name='_csrf', value=_csrf)
|
||||||
legend Signup
|
legend Signup
|
||||||
.form-group
|
.form-group
|
||||||
label.col-sm-3.control-label(for='email') Email
|
label.col-sm-3.control-label(for='email') Email
|
||||||
|
@@ -18,7 +18,7 @@ block content
|
|||||||
.row
|
.row
|
||||||
.col-sm-6
|
.col-sm-6
|
||||||
form(role='form', method='POST')
|
form(role='form', method='POST')
|
||||||
input(type='hidden', name='_csrf', value=token)
|
input(type='hidden', name='_csrf', value=_csrf)
|
||||||
.form-group
|
.form-group
|
||||||
.input-group
|
.input-group
|
||||||
input.form-control(type='text', name='telephone', placeholder='Phone Number (international format)')
|
input.form-control(type='text', name='telephone', placeholder='Phone Number (international format)')
|
||||||
|
@@ -21,7 +21,7 @@ block content
|
|||||||
.row
|
.row
|
||||||
.col-sm-6
|
.col-sm-6
|
||||||
form(role='form', method='POST')
|
form(role='form', method='POST')
|
||||||
input(type='hidden', name='_csrf', value=token)
|
input(type='hidden', name='_csrf', value=_csrf)
|
||||||
.form-group
|
.form-group
|
||||||
.input-group
|
.input-group
|
||||||
input.form-control(type='text', name='telephone', placeholder='Phone Number')
|
input.form-control(type='text', name='telephone', placeholder='Phone Number')
|
||||||
|
@@ -42,7 +42,7 @@ block content
|
|||||||
.col-sm-5
|
.col-sm-5
|
||||||
h3 Make Payment
|
h3 Make Payment
|
||||||
form(role='form', method='POST')
|
form(role='form', method='POST')
|
||||||
input(type='hidden', name='_csrf', value=token)
|
input(type='hidden', name='_csrf', value=_csrf)
|
||||||
.form-group
|
.form-group
|
||||||
label.control-label(for='user') Phone, Email or Venmo User ID
|
label.control-label(for='user') Phone, Email or Venmo User ID
|
||||||
input.form-control(type='text', name='user', id='user', placeholder='15555555555', autofocus=true)
|
input.form-control(type='text', name='user', id='user', placeholder='15555555555', autofocus=true)
|
||||||
|
@@ -5,7 +5,7 @@ block content
|
|||||||
h3 Contact Form
|
h3 Contact Form
|
||||||
|
|
||||||
form.form-horizontal(role='form', method='POST')
|
form.form-horizontal(role='form', method='POST')
|
||||||
input(type='hidden', name='_csrf', value=token)
|
input(type='hidden', name='_csrf', value=_csrf)
|
||||||
.form-group
|
.form-group
|
||||||
label(class='col-sm-2 control-label', for='name') Name
|
label(class='col-sm-2 control-label', for='name') Name
|
||||||
.col-sm-8
|
.col-sm-8
|
||||||
|
@@ -5,6 +5,7 @@ html
|
|||||||
meta(http-equiv='X-UA-Compatible', content='IE=edge')
|
meta(http-equiv='X-UA-Compatible', content='IE=edge')
|
||||||
meta(name='viewport', content='width=device-width, initial-scale=1.0')
|
meta(name='viewport', content='width=device-width, initial-scale=1.0')
|
||||||
meta(name='description', content='')
|
meta(name='description', content='')
|
||||||
|
meta(name='csrf-token', content=_csrf)
|
||||||
meta(name='author', content='')
|
meta(name='author', content='')
|
||||||
title #{title} | Hackathon Starter
|
title #{title} | Hackathon Starter
|
||||||
!= css('styles')
|
!= css('styles')
|
||||||
|
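Review bot: The new `meta(name='csrf-token', content=_csrf)` line carries no hint of how the client is expected to use it, and which request header the server accepts is decided by the CSRF middleware's value function, which is outside this diff. A short Pug comment above it, `//- Per-session CSRF token for AJAX callers: send it in the X-CSRF-Token request header`, would tie the meta tag to the client code that must read it (X-CSRF-Token is what the connect/csurf defaults read; confirm against the middleware configured in app.js). Any script consuming this tag should attach the header only to same-origin requests so the token is never forwarded to third-party hosts.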