This repository has been archived by the owner on Jan 17, 2023. It is now read-only.

fix test failures due to error middleware ordering
Greg Guthe committed Aug 29, 2017
1 parent 61d944d commit 9cd2464
Showing 2 changed files with 9 additions and 8 deletions.
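--- a/server/src/middleware/csrf.js
+++ b/server/src/middleware/csrf.js
@@ -1,3 +1,4 @@
+const assert = require("assert");
 const csrf = require("csurf");
 const mozlog = require("../logging").mozlog("csrf-middleware");
 const { captureRavenException } = require("../ravenclient");
@@ -24,12 +25,10 @@ exports.csrf = function(req, res, next) {
 next();
 };
 
-exports.csrfErrorHandler = function(err, req, res, next) {
-if (err.code !== "EBADCSRFTOKEN") {
-next();
-}
+exports.csrfErrorResponse = function(err, req, res) {
+assert(err.code === "EBADCSRFTOKEN", "Returning csrf response for non-csrf error code.");
 mozlog.info("bad-csrf", {id: req.ip, url: req.url});
 res.status(403);
 res.type("text");
-res.send("Bad CSRF Token")
+res.send("Bad CSRF Token");
 };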
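Review bot: `csrfErrorResponse` now takes three parameters, and Express tells error middleware from ordinary middleware by arity, yet nothing on the function says it must no longer be passed to `app.use`. Registered that way it would run on every request with `err` bound to the request object, and the new `assert` would throw. I would add a comment above the export, `// Not Express middleware: call from an error handler only after checking err.code === "EBADCSRFTOKEN".` The assert documents the invariant, but it throws inside the error path, so the caller-side check is what actually keeps the 403 response reachable.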
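--- a/server/src/server.js
+++ b/server/src/server.js
@@ -30,7 +30,7 @@ const dbschema = require("./dbschema");
 const express = require("express");
 const bodyParser = require('body-parser');
 const contentDisposition = require("content-disposition");
-const { csrf, csrfProtection, csrfErrorHandler } = require("./middleware/csrf");
+const { csrf, csrfProtection, csrfErrorResponse } = require("./middleware/csrf");
 const morgan = require("morgan");
 const linker = require("./linker");
 const { randomBytes } = require("./helpers");
@@ -1064,8 +1064,6 @@ require("./jobs").start();
 
 addRavenErrorHandler(app);
 
-app.use(csrfErrorHandler);
-
 app.use(function(err, req, res, next) {
 if (err.isAppError) {
 let { statusCode, headers, payload } = err.output;
@@ -1087,6 +1085,10 @@ app.use(function(err, req, res, next) {
 res.send(res.message);
 return;
 }
+if (err.code === "EBADCSRFTOKEN") {
+csrfErrorResponse(err, req, res);
+return;
+}
 errorResponse(res, "General error:", err);
 });
 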
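Review bot: The `EBADCSRFTOKEN` branch is the last test before the catch-all `errorResponse`, so any earlier branch in this handler that matches and returns first decides the response and the 403 is skipped. Putting the check first, `if (err.code === "EBADCSRFTOKEN") { csrfErrorResponse(err, req, res); return; }`, keeps the CSRF rejection independent of how the other branches evolve. The handler starts above this hunk and part of its body is not shown, so whether any current branch can shadow it cannot be confirmed from here. A test that sends a state-changing request without a token and expects status 403 with body `Bad CSRF Token` would pin the ordering.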
