Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Already on GitHub? Sign in to your account

CSRF middleware: expose defaultValue() function #665

Closed
wants to merge 1 commit into
from

Conversation

Projects
None yet
2 participants
Contributor

aseemk commented Oct 3, 2012

This makes it convenient to write and provide a custom value() function that can still fall back to the default one.

E.g. during development purposes, I want to ignore CSRF for certain API endpoints. With this, I could achieve that by providing a custom function like:

connect.csrf({
  value: function (req) {
    if (req.path.indexOf('/foo/bar') === 0) {
      return req.session._csrf;
    } else {
      return connect.csrf.defaultValue(req);
    }
  }
});

Thanks. =)

CSRF middleware: expose defaultValue() function.
Convenient for providing a wrapper value() function
that falls back to the default one.
Contributor

jonathanong commented Sep 13, 2013

E.g. during development purposes, I want to ignore CSRF for certain API endpoints

app.use(function (req, res, next) {
  if (iWantToIgnoreThisEndPoint(req.url) {
    next();
  else
    express.csrf()(req, res, next);
})
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment