CSRF middleware: expose defaultValue() function #665

Closed
wants to merge 1 commit into from

2 participants

@aseemk

This makes it convenient to write and provide a custom value() function that can still fall back to the default one.

E.g. during development purposes, I want to ignore CSRF for certain API endpoints. With this, I could achieve that by providing a custom function like:

connect.csrf({
  value: function (req) {
    if (req.path.indexOf('/foo/bar') === 0) {
      return req.session._csrf;
    } else {
      return connect.csrf.defaultValue(req);
    }
  }
});

Thanks. =)

@aseemk aseemk CSRF middleware: expose defaultValue() function.
Convenient for providing a wrapper value() function
that falls back to the default one.
95c8107
@jonathanong

> E.g. during development purposes, I want to ignore CSRF for certain API endpoints

app.use(function (req, res, next) {
  // Skip the CSRF check for the chosen endpoints; enforce it everywhere else.
  if (iWantToIgnoreThisEndPoint(req.url)) {
    next();
  } else {
    express.csrf()(req, res, next);
  }
});
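
The per-path exemption discussed in this thread, as an added example that is not code from either commenter or from connect. The names `isUnder`, `csrfUnless`, `stubCsrf` and `outcome` are hypothetical, `stubCsrf` is a constructed stand-in for the real CSRF middleware, and the `enabled` flag is an assumed way to switch every exemption off outside development.

```javascript
// Added example: the CSRF middleware is passed in, so this runs without
// connect or express installed. All names here are hypothetical.

// True only when `path` is `prefix` itself or lies beneath it as a path segment.
// A bare indexOf(prefix) === 0 test would also exempt '/foo/barbaz'.
function isUnder(prefix, path) {
  return path === prefix || path.indexOf(prefix + '/') === 0;
}

// Wrap a CSRF middleware so that requests under the listed prefixes skip it.
// `enabled` is meant to be false outside development, which disables every exemption.
function csrfUnless(prefixes, csrfMiddleware, enabled) {
  return function (req, res, next) {
    // Match on the path only, so a query string cannot influence the decision.
    var path = String(req.url || '').split('?')[0];
    var exempt = enabled && prefixes.some(function (p) { return isUnder(p, path); });
    if (exempt) return next();
    return csrfMiddleware(req, res, next);
  };
}

// Constructed stand-in for the real middleware: compares the submitted token
// with the one stored in the session and fails closed when it is missing.
function stubCsrf(req, res, next) {
  var sent = req.headers['x-csrf-token'];
  if (sent && sent === req.session._csrf) return next();
  var err = new Error('Forbidden');
  err.status = 403;
  return next(err);
}

// Run one constructed request through the wrapper and report the outcome.
function outcome(url, token, enabled) {
  var req = { url: url, headers: {}, session: { _csrf: 'constructed-token' } };
  if (token) req.headers['x-csrf-token'] = token;
  var result = 'pending';
  csrfUnless(['/foo/bar'], stubCsrf, enabled)(req, {}, function (err) {
    result = err ? 'rejected' : 'passed';
  });
  return result;
}

console.log(outcome('/foo/bar/items?x=1', null, true)); // exempt while enabled
console.log(outcome('/foo/barbaz', null, true));        // different segment, still checked
```

Building the wrapper once at startup, rather than constructing the CSRF middleware inside each request, keeps the exemption list in one auditable place.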
Commits on Oct 3, 2012
  1. @aseemk

    CSRF middleware: expose defaultValue() function.

    aseemk authored
    Convenient for providing a wrapper value() function
    that falls back to the default one.
Showing with 2 additions and 2 deletions.
  1. +2 −2 lib/middleware/csrf.js
4 lib/middleware/csrf.js
@@ -38,7 +38,7 @@ var utils = require('../utils');
module.exports = function csrf(options) {
var options = options || {}
- , value = options.value || defaultValue;
+ , value = options.value || exports.defaultValue;
return function(req, res, next){
// generate CSRF token
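Review bot: `exports.defaultValue` on the changed `value =` line will not be reachable by callers in the way the description uses it. This file assigns `module.exports = function csrf(options)`, and after that assignment `exports` still refers to the module's original exports object, not to the exported `csrf` function, so the property resolves inside this file but is absent from what `require` returns. Suggest reading the default from `module.exports.defaultValue` here, attaching it there in the second hunk, and adding a test that calls the exposed function through the public entry point.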
@@ -66,7 +66,7 @@ module.exports = function csrf(options) {
* @api private
*/
-function defaultValue(req) {
+exports.defaultValue = function(req) {
return (req.body && req.body._csrf)
|| (req.query && req.query._csrf)
|| (req.headers['x-csrf-token']);
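Review bot: the doc comment above the changed line still ends with `@api private`, which no longer matches a function that is being exposed to callers. Mark it public and document the lookup order (`req.body._csrf`, then `req.query._csrf`, then the `x-csrf-token` header) so that anyone wrapping it knows what the fallback accepts. The change to `exports.defaultValue = function(req) {` also drops the function's name; keeping it as `function defaultValue(req)` in the expression preserves it in stack traces.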