Form handling update

commit 59f8a8250f90bc011b733af80c4e86513cee172a 1 parent 112ce89
@njx njx authored
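--- a/app.js
+++ b/app.js
@@ -122,6 +122,13 @@ app.configure(function () {
 app.use(express.session({ secret: config.sessionSecret }));
 app.use(passport.initialize());
 app.use(passport.session());
+app.use(express.csrf());
+app.use(function (req, res, next) {
+// Must come before router (so locals are exposed properly) but after the CSRF middleware
+// (so _csrf is set).
+res.locals.csrfToken = req.csrfToken();
+next();
+});
 app.use(app.router);
 // JSLint doesn't like "express.static" because static is a keyword.
 app.use(express["static"](path.resolve(__dirname, "public")));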
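Review bot: The `express.csrf()` registration at the top of the added lines depends on middleware outside this hunk: it needs `express.session` before it (present three lines above) and a body parser before it so that `_csrf` from a POSTed form body is visible, and whether `express.bodyParser()` or `express.urlencoded()` is registered earlier in `app.configure` cannot be seen here and should be confirmed. As far as I recall, Connect's csrf middleware by default also accepts the token from `req.query._csrf`, which nothing in this commit uses; a query-string token ends up in access logs and Referer headers, so consider restricting lookup with the `value` option, e.g. `app.use(express.csrf({ value: function (req) { return (req.body && req.body._csrf) || req.headers["x-csrf-token"]; } }));`. The comment inside the `res.locals` middleware would read better above its `app.use` line and could name the consumers of `csrfToken` (`views/layout.html`, `views/index.html`). The enclosing `app.configure` callback starts before and ends after this hunk.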
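--- a/public/js/main.js
+++ b/public/js/main.js
@@ -40,6 +40,9 @@ $(function () {
 $(".extension-list").html(content);
 });
 });
+this.on("sending", function (file, xhr, formData) {
+formData.append("_csrf", $("meta[name='csrf-token']").attr("content"));
+});
 },
 accept: function (file, done) {
 if (!file.name.match(/\.zip$/i)) {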
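Review bot: `$("meta[name='csrf-token']").attr("content")` in the added `sending` handler yields `undefined` when the meta tag is absent, and `formData.append` then sends the literal string "undefined", so the upload fails with a CSRF rejection that is hard to trace back to the missing tag. Reading the token once and checking it makes the failure explicit: `var token = $("meta[name='csrf-token']").attr("content"); if (token) { formData.append("_csrf", token); }`. A one-line comment such as `// Token is rendered by views/layout.html and checked by express.csrf() in app.js` would tell the next reader where the value comes from. The Dropzone `init` function enclosing these lines starts before this hunk.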
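--- a/views/index.html
+++ b/views/index.html
@@ -5,6 +5,7 @@
 <div class="fallback">
 <input type="file" name="extensionPackage" size="40">
 <button class="btn" type="submit">Upload</button>
+<input type="hidden" name="_csrf" value="{{csrfToken}}">
 </div>
 </form>
 {{else}}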
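--- a/views/layout.html
+++ b/views/layout.html
@@ -7,6 +7,7 @@
 <link href="/css/styles.css" rel="stylesheet">
 <link href="/css/dropzone-basic.css" rel="stylesheet">
 <link rel="alternate" type="application/rss+xml" title="RSS" href="/rss" />
+<meta name="csrf-token" content="{{csrfToken}}">
 </head>
 <body>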