start fixing the password in scope potential corner case security issue

2015-03-17 17:22:58 -07:00
parent f144e84310
commit f1dcb4c373
3 changed files with 4 additions and 3 deletions
--- a/app.js
+++ b/app.js
@@ -196,7 +196,9 @@ app.use(helmet.contentSecurityPolicy({

 app.use(function (req, res, next) {
    // Make user object available in templates.
-    res.locals.user = req.user;
+    fullUser = req.user;
+    delete fullUser.password;
+    res.locals.user = fullUser;
    next();
 });