Add csrf protection
@ -43,6 +43,7 @@
|
|||||||
"compression": "^1.6.0",
|
"compression": "^1.6.0",
|
||||||
"connect-mongo": "~1.1.0",
|
"connect-mongo": "~1.1.0",
|
||||||
"cookie-parser": "^1.4.0",
|
"cookie-parser": "^1.4.0",
|
||||||
|
"csurf": "^1.8.3",
|
||||||
"debug": "^2.2.0",
|
"debug": "^2.2.0",
|
||||||
"dedent": "~0.6.0",
|
"dedent": "~0.6.0",
|
||||||
"dotenv": "^2.0.0",
|
"dotenv": "^2.0.0",
|
||||||
|
@ -42,6 +42,7 @@
|
|||||||
"helmet#xssFilter": {},
|
"helmet#xssFilter": {},
|
||||||
"helmet#noSniff": {},
|
"helmet#noSniff": {},
|
||||||
"helmet#frameguard": {},
|
"helmet#frameguard": {},
|
||||||
|
"./middlewares/csurf": {},
|
||||||
"./middlewares/constant-headers": {},
|
"./middlewares/constant-headers": {},
|
||||||
"./middlewares/csp": {},
|
"./middlewares/csp": {},
|
||||||
"./middlewares/express-rx": {},
|
"./middlewares/express-rx": {},
|
||||||
|
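--- /dev/null
+++ b/server/middlewares/csurf.js
@@ -0,0 +1,5 @@
+import csurf from 'csurf';
+
+export default function() {
+return csurf({ cookie: true });
+}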
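Review bot: `return csurf({ cookie: true });` stores the CSRF secret in a cookie with csurf's default cookie options, which as far as I recall set only the cookie key and path, so the secret cookie is neither httpOnly, secure nor sameSite-restricted. Passing an options object instead keeps the secret out of reach of page scripts and off plain HTTP, e.g. `return csurf({ cookie: { httpOnly: true, sameSite: 'strict', secure: isProduction } });`, where isProduction stands for whatever environment flag the app already uses (a constructed name, not one on this page). Cookie mode also requires cookie-parser to run earlier in the middleware order; the dependency is added in this commit, but the mount order is not visible here, so a one-line comment stating that requirement above the return would save the next reader a misconfiguration hunt.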
@ -2,6 +2,7 @@ export default function globalLocals() {
|
|||||||
return function(req, res, next) {
|
return function(req, res, next) {
|
||||||
// Make user object available in templates.
|
// Make user object available in templates.
|
||||||
res.locals.user = req.user;
|
res.locals.user = req.user;
|
||||||
|
res.locals._csrf = req.csrfToken();
|
||||||
next();
|
next();
|
||||||
};
|
};
|
||||||
}
|
}
|
||||||
|
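Review bot: `res.locals._csrf = req.csrfToken();` assumes the csurf middleware has already run on this request; `req.csrfToken` is only attached by csurf, so if globalLocals is registered before `./middlewares/csurf` in the middleware config, or serves a route csurf does not cover, every request fails with a TypeError instead of a clear misconfiguration error. The registration order of globalLocals is not visible in this commit, so it should be verified against the config, and I would add `// Requires ./middlewares/csurf to be mounted before this middleware.` above the line. The enclosing globalLocals function starts outside the hunk.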