gaspersic/freeCodeCamp
1
0
Fork 0
Code Issues Pull Requests Projects Releases Wiki Activity

Merge pull request #8411 from BerkeleyTrue/fix/csrf-camperbot

Browse Source 
Remove csrf from api calls
This commit is contained in:
Quincy Larson
2016-05-02 21:24:28 -07:00
parent 3ae67f6fa9 cda2fe768b
commit 2224b8dec1
2 changed files with 9 additions and 2 deletions
Download Patch File Download Diff File Expand all files Collapse all files

9
server/middlewares/csurf.js
View File

@ -1,5 +1,12 @@
import csurf from 'csurf'; import csurf from 'csurf';
export default function() { export default function() {
return csurf({ cookie: true }); const protection = csurf({ cookie: true });
return function csrf(req, res, next) {
const path = req.path.split('/')[1];
if (/api/.test(path)) {
return next();
}
return protection(req, res, next);
};
} }

2
server/middlewares/global-locals.js
View File

@ -2,7 +2,7 @@ export default function globalLocals() {
return function(req, res, next) { return function(req, res, next) {
// Make user object available in templates. // Make user object available in templates.
res.locals.user = req.user; res.locals.user = req.user;
res.locals._csrf = req.csrfToken(); res.locals._csrf = req.csrfToken ? req.csrfToken() : null;
next(); next();
}; };
} }