detect-no-csrf-before-method-override.md

Pattern: csrf middleware setup before method-override

Issue: -

Description

Detects Express `csrf` middleware being set up before the `method-override` middleware. With that ordering, a GET request (which the CSRF check does not inspect) can be turned into a POST request later in the chain.
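The ordering effect described above, as an added example that is not part of the original rule documentation. `csrfCheck` and `methodOverride` are simplified stand-ins (assumptions, not the real packages) so the chain runs without Express; the `_method` query parameter, the handler and the token value are constructed for illustration.

```javascript
// Simplified stand-ins for the csrf and method-override middleware
// (assumptions, not the real packages).
const SAFE_METHODS = new Set(['GET', 'HEAD', 'OPTIONS']);

// CSRF check: safe methods are skipped, everything else needs a matching token.
function csrfCheck(req, res, next) {
  if (SAFE_METHODS.has(req.method)) return next();
  if (req.body._csrf !== req.session.csrfToken) {
    res.statusCode = 403; // chain stops here, the handler never runs
    return;
  }
  next();
}

// Method override: rewrites req.method from a client-supplied value.
function methodOverride(req, res, next) {
  const override = req.query._method;
  if (override) req.method = override.toUpperCase();
  next();
}

// Hypothetical state-changing handler that only acts on POST.
function transferHandler(req, res, next) {
  if (req.method === 'POST') { res.statusCode = 200; res.stateChanged = true; }
  next();
}

// Run a middleware chain over a copy of the request and return the response.
function run(chain, request) {
  const req = JSON.parse(JSON.stringify(request));
  const res = { statusCode: 404, stateChanged: false };
  let i = 0;
  const next = () => { const mw = chain[i++]; if (mw) mw(req, res, next); };
  next();
  return res;
}

// Constructed request: arrives as GET, carries no CSRF token, asks for POST.
const overriddenGet = {
  method: 'GET', query: { _method: 'POST' }, body: {},
  session: { csrfToken: 'constructed-token' },
};

const flaggedOrder = [csrfCheck, methodOverride, transferHandler];   // what the rule reports
const correctedOrder = [methodOverride, csrfCheck, transferHandler]; // override first, then CSRF

console.log('csrf first:           ', run(flaggedOrder, overriddenGet));
console.log('method-override first:', run(correctedOrder, overriddenGet));
```

In the flagged order the handler runs without any token having been checked; with `methodOverride` registered first, the same request is rejected with 403.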