-
Notifications
You must be signed in to change notification settings - Fork 139
New issue
Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.
By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.
Already on GitHub? Sign in to your account
CSRF token missing for enctype="multipart/form-data" #70
Comments
|
That's impractical for my use case. Alternatively, is there a built in way to exclude routes from requiring CSRF? |
Sure thing. Check out the section on Route paths in the expressjs guide on routing. Short version is you can write a regular expression with a negative lookahead assertion. I wrote a small demo project documenting some middleware registration patterns which includes a blacklist pattern leveraging this. In your case, since you're using vanilla express, I'd recommend writing a true regular expression instead of the string-based pattern I used in the above example project. Closing but feel free to continue the conversation. |
Ah. Didn't know you could do that. Still not ideal, but it'll suffice. Thanks. |
I'm using
lusca
withoutkrakenjs
and am trying to get CSRF working with an image upload. I am parsing the form later in my route logic usingmulter
.How can I get CSRF to work with this?
The text was updated successfully, but these errors were encountered: