Merge a3d12f4 into 9f86080

expressjs · Feb 19, 2015 · 31586eb · 31586eb
2 parents 9f86080 + a3d12f4
commit 31586eb
Show file tree

Hide file tree

Showing 3 changed files with 25 additions and 0 deletions.
diff --git a/.gitignore b/.gitignore
@@ -6,3 +6,4 @@
 node_modules
 coverage
 cache
+.idea
diff --git a/README.md b/README.md
@@ -78,6 +78,12 @@ locations, in order:
   - `req.headers['xsrf-token']` - the `XSRF-Token` HTTP request header.
   - `req.headers['x-csrf-token']` - the `X-CSRF-Token` HTTP request header.
   - `req.headers['x-xsrf-token']` - the `X-XSRF-Token` HTTP request header.
+
+##### clientUserAgent
+
+An Array of the methods for which user-agent request that CSRF token checking will disabled.
+Like `["iOS","Android","WindowsPhone"]`.
+
 
 ## Example
 

diff --git a/index.js b/index.js
@@ -31,6 +31,9 @@ var sign = require('cookie-signature').sign;
 module.exports = function csurf(options) {
   options = options || {};
 
+  //get client user agent array
+  var clientUserAgent = options.clientUserAgent || [];
+
   // get cookie options
   var cookie = getCookieOptions(options.cookie)
 
@@ -53,6 +56,21 @@ module.exports = function csurf(options) {
   var ignoreMethod = getIgnoredMethods(ignoreMethods)
 
   return function csrf(req, res, next) {
+
+    if(clientUserAgent.length>0)
+    {
+      var userAgent = req.headers["user-agent"];
+      for(var i= 0,len=clientUserAgent.length;i<len;i++)
+      {
+        if(userAgent === clientUserAgent[i])
+        {
+          req.nocsurf = true;
+          next();
+          return true;
+        }
+      }
+    }
+
     var secret = getsecret(req, cookie)
     var token