cds-snc / node-starter-app

Quick start application setup.... because you have to start somewhere.
MIT License

Saving all form values will potentially save the redirect value and csrf token #93

Closed pcraig3 closed 4 years ago

pcraig3 commented 4 years ago

Hello!

Without doing a ton of investigating, it looks like your session helper over here is saving all form data to the session. That's cool, and we do it too.

However, we have some middleware that does something similar except it also removes the redirect key -- it's on lots of our forms but we don't want to save it.

So yeah, close the issue if you want or I can do a PR with a few tests if you're interested.

timarney commented 4 years ago

👍 At some point I want to add a check against the Schema(s) for allowed values but that's down the road - thanks for the PR.
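The filtering discussed in this thread, as an added example that is not code from node-starter-app or from either commenter: form fields are copied into the session with the `redirect` key and the CSRF token dropped, and an optional schema acts as an allowlist of field names. The function names, the `_csrf` token field name, the `formdata` session key and the schema shape (an object whose keys are the allowed fields) are assumptions; the example also goes one step beyond the thread by skipping prototype-related keys.

```javascript
// Added example; not the project's own session helper.
// Control fields that travel with the form but must never be persisted.
// 'redirect' is named in the issue; '_csrf' is an assumed token field name.
const CONTROL_FIELDS = new Set(['redirect', '_csrf']);

// Keys that would alter the prototype chain if assigned onto a plain object.
const UNSAFE_KEYS = new Set(['__proto__', 'constructor', 'prototype']);

// Return only the body fields that are safe to store in the session.
// When a schema object is supplied, its keys are the only fields kept.
function pickSessionFields(body, schema) {
  const allowed = schema ? new Set(Object.keys(schema)) : null;
  const kept = {};
  for (const [key, value] of Object.entries(body || {})) {
    if (CONTROL_FIELDS.has(key) || UNSAFE_KEYS.has(key)) continue;
    if (allowed && !allowed.has(key)) continue;
    kept[key] = value;
  }
  return kept;
}

// Express-style middleware factory (hypothetical name): merges the filtered
// fields into req.session.formdata without touching existing session values.
function saveFormToSession(schema) {
  return (req, res, next) => {
    req.session.formdata = {
      ...req.session.formdata,
      ...pickSessionFields(req.body, schema),
    };
    next();
  };
}

// Constructed sample of a parsed form body, including fields that should be dropped.
const sampleBody = JSON.parse(
  '{"fullname":"A. Person","email":"a@example.com","redirect":"/confirmation",' +
  '"_csrf":"constructed-token","__proto__":{"admin":true},"extra":"x"}'
);

// Constructed schema: only these field names are accepted.
const sampleSchema = { fullname: {}, email: {} };
```

Without a schema the helper behaves as a denylist, so unexpected fields such as `extra` are still stored; passing the schema narrows it to the declared field names.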