make lusca's csrf function work

arvindr21 / blueimp-file-upload-expressjs

A simple express module for integrating jQuery File Upload.

http://expressjs-fileupload.cloudno.de/

104 stars 69 forks source link

make lusca's csrf function work #34

Closed mamboer closed 9 years ago

mycaule commented 9 years ago

Where is val defined?

mycaule commented 9 years ago

Please provide an example or test case as well.

mamboer commented 9 years ago

Sorry for the typo, i've found a more elegant way to make csrf work, pls ignore this pull-request and close it. To make csrf work normally, we can put the csrf token into http request's headers via $.ajaxSetup, i've post my example here https://github.com/mamboer/expressjs-fileupload

mamboer commented 9 years ago

BTW: I found that blueimp-file-upload-expressjs sucks with the multer package, you should comment out the multer related codes in my example to make it run.

mycaule commented 9 years ago

I use that kind of code to allow cross origin requests on another express project. You should be able to tweak it, it's just about HTTP headers.

app.all('*', function(req, res, next) {
  res.header("Access-Control-Allow-Origin", "*");
  res.header("Access-Control-Allow-Headers", "X-Requested-With, Content-Type");
  res.header("Access-Control-Allow-Methods", "POST, PUT, GET, DELETE");
  next();
});