Csrf protection for forms

cds-snc / node-starter-app

Quick start application setup.... because you have to start somewhere.

MIT License

5 stars 3 forks source link

Csrf protection for forms #40

Closed dsamojlenko closed 5 years ago

dsamojlenko commented 5 years ago

Add CSRF protection to forms
Remove old "nonce"-related code

lgtm-com[bot] commented 5 years ago

This pull request introduces 3 alerts when merging 5d5ea5ef9fd2f71bf906b88e48f418007cc2b936 into 0ed93ed52c785d3ee8641a8ab627d4b5a565a211 - view on LGTM.com

new alerts:

3 for Unused variable, import, function or class

lgtm-com[bot] commented 5 years ago

This pull request introduces 2 alerts when merging cc3b42ee3ab768dbaccb7381d2432c36fe1ff520 into 0ed93ed52c785d3ee8641a8ab627d4b5a565a211 - view on LGTM.com

new alerts:

2 for Unused variable, import, function or class

timarney commented 5 years ago

💯 Nice - that's the exact package I was going to look into.

lgtm-com[bot] commented 5 years ago

This pull request introduces 2 alerts when merging 6b8449f56cc08fec47732d9f59002105707ebb19 into 0ed93ed52c785d3ee8641a8ab627d4b5a565a211 - view on LGTM.com

new alerts:

2 for Unused variable, import, function or class

timarney commented 5 years ago

Nice - as mentioned for the commented out validateRouteData

We might be able to build up the request using something like

const http = require("http")
new http.IncomingMessage();
const req = new http.ClientRequest()

... add the session data ...

Vs the current need to make a post request there.

timarney commented 5 years ago

Also need to bump the package # on this ...

I don't think there's breaking changes so you can push a new minor version (for the added feature)