From 1b3a6716e6b4ff1192ca99e7eb3a664f05b9e203 Mon Sep 17 00:00:00 2001
From: Sahat Yalkabov
Date: Fri, 6 Jun 2014 15:57:04 -0400
Subject: [PATCH] CSRF middleware refactoring
---
 app.js | 7 ++++---
 1 file changed, 4 insertions(+), 3 deletions(-)
diff --git a/app.js b/app.js
index f12bd4d24c..5841d9ff3a 100755
--- a/app.js
+++ b/app.js
@@ -12,6 +12,7 @@ var errorHandler = require('errorhandler');
 var csrf = require('lusca').csrf();
 var methodOverride = require('method-override');
+var _ = require('lodash');
 var MongoStore = require('connect-mongo')({ session: session });
 var flash = require('express-flash');
 var path = require('path');
@@ -59,7 +60,7 @@ var week = day * 7;
 * CSRF whitelist.
 */
-var whitelist = ['/url1', '/url2'];
+var csrfExclude = ['/url1', '/url2'];
 /**
 * Express configuration.
@@ -91,8 +92,8 @@ app.use(passport.session());
 app.use(flash());
 app.use(function(req, res, next) {
 // CSRF protection.
- if (whitelist.indexOf(req.path) !== -1) next();
- else csrf(req, res, next);
+ if (_.contains(csrfExclude, req.path)) return next();
+ csrf(req, res, next);
 });
 app.use(function(req, res, next) {
 // Make user object available in templates.
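Review bot: The exclusion check in the `// CSRF protection.` callback skips `csrf` for every HTTP method on a listed path, and nothing near `csrfExclude` says what qualifies a route for exemption. State-changing routes that rely on the session cookie should never be listed; I would add a comment at the list such as `// Only routes that authenticate without the session cookie (e.g. signed webhooks) belong here.` The match is an exact, case-sensitive comparison on `req.path`, so `/url1/` or `/URL1` still go through `csrf`; that fails closed, which is the safe direction, but it is worth stating in the same comment so nobody loosens it into a prefix match. Separately, `_.contains` is an alias that later lodash releases drop in favour of `_.includes`, and the previous `indexOf` test needed no extra dependency. The callback that follows this one continues outside the hunk.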