Typo fix in bypass-connect-csrf-protection-by-abusing.md (#141)

eslint-community · Mar 4, 2024 · e63aabe · e63aabe
1 parent 779da2b
commit e63aabe
Showing 1 changed file with 2 additions and 2 deletions.
diff --git a/docs/bypass-connect-csrf-protection-by-abusing.md b/docs/bypass-connect-csrf-protection-by-abusing.md
@@ -18,9 +18,9 @@ Considering the following code:
 
 ```js
 ...
-app.use express.csrf()
+app.use(express.csrf())
 ...
-app.use express.methodOverride()
+app.use(express.methodOverride())
 ```
 
 Connect's CSRF middleware does not check csrf tokens in case of idempotent verbs (GET/HEAD/OPTIONS, see lib/middleware/csrf.js). As a result, it is possible to bypass this security control by sending a GET request with a POST MethodOverride header or key.