Closed draschke closed 9 years ago
Hi, I found a solution for my problem on this site: https://gist.github.com/vernak2539/9475654
I don't really see any differences, but it works fine.

    // Skip the CSRF check for routes listed in csrfFreeRoutes, enforce it everywhere else
    var conditionalCSRF = function( req, res, next ) {
      if( Boolean( csrfFreeRoutes[ req.path ] ) ) {
        next();
      } else {
        csrf( req, res, next );
      }
    };

Thanks for sharing the solution! Since I use Helmet instead of Lusca I really wasn't able to help troubleshoot.
Hi Dan,
For a week I have been trying to exclude CSRF-proofing for one iframe site. I used the code from hackathon-starter and it worked fine for his framework. (He is using "lusca".)
Now I'm trying to use the code for skeleton, but I can't get it solved. I tried it with csurf and lusca, but I'm always getting into new trouble.
Would it be possible for you to include a sample in your framework?
old version on hackathon-starter: worked in my hackathon-starter sample

    var whitelist = [ '/comment', '/comment/create'];
    app.use(function(req, res, next) {
      if (whitelist.indexOf(req.path) !== -1) next();
      else csrf(req, res, next);
    });

new version on hackathon-starter: (I don't use it)

    var csrfExclude = ['/url1', '/url2'];
    app.use(function(req, res, next) {
      // CSRF protection.
      if (_.contains(csrfExclude, req.path)) return next();
      csrf(req, res, next);
    });

Thanks for your help..
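
An added example (not code from this thread, the gist, or either starter project) that wraps the route-exemption pattern discussed above in a reusable function and runs it against constructed requests. `csrfExcept`, `stubCsrf` and `decide` are hypothetical names, and `stubCsrf` is an assumed stand-in for the real csurf/lusca middleware.

```javascript
// Added example. csrfExcept, stubCsrf and decide are hypothetical names.
function csrfExcept(exemptPaths, csrf) {
  // Set.has() is an exact, case-sensitive match on the whole path.
  const exempt = new Set(exemptPaths);
  return function conditionalCsrf(req, res, next) {
    if (exempt.has(req.path)) {
      return next(); // exempt route: CSRF check skipped
    }
    return csrf(req, res, next); // anything else goes through the CSRF check
  };
}

// Stand-in for csurf/lusca (assumption): safe methods pass, others need a token.
function stubCsrf(req, res, next) {
  const safeMethod = ['GET', 'HEAD', 'OPTIONS'].includes(req.method);
  if (safeMethod || req.token === 'valid') {
    return next();
  }
  return next(new Error('invalid csrf token'));
}

// Run one constructed request through a middleware and report the outcome.
function decide(middleware, req) {
  let outcome = 'no response';
  middleware(req, {}, function (err) {
    outcome = err ? 'rejected' : 'passed';
  });
  return outcome;
}

const mw = csrfExcept(['/comment', '/comment/create'], stubCsrf);

// Constructed requests; in Express, req.path excludes the query string.
const samples = [
  { method: 'POST', path: '/comment/create' },            // exempt
  { method: 'POST', path: '/comment/create/' },           // trailing slash: not exempt
  { method: 'POST', path: '/Comment' },                   // different case: not exempt
  { method: 'POST', path: '/account' },                   // protected, no token
  { method: 'POST', path: '/account', token: 'valid' },   // protected, token present
];

for (const req of samples) {
  console.log(req.method, req.path, '->', decide(mw, req));
}
```

With Express's default routing (case-insensitive, trailing slash optional), `/comment/create/` and `/Comment` can reach the same handlers as the exempt paths, but because the exemption is an exact match those requests still go through the CSRF check.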