cookie option cannot be bool true or else .key is undefined...

[busticated]

docs say:

• cookie set to a truthy value to enable cookie-based instead of session-based csrf secret storage.
  • If cookie is an object, these options can be configured, otherwise defaults are used:
  • key the name of the cookie to use (defaults to _csrf) to store the csrf secret

code says:

if (options.cookie && !options.cookie.key) {
    options.cookie.key = '_csrf'
}

so, if i do the following:

app.use(express.csrf({ cookie: true }));

options.cookie.key is undefined because .key is assigned to a bool.

what am I missing?

[dougwilson]

Sounds like a module bug to me :)

[busticated]

hehe! thought so :-)

want a patch or have you already fixed it? :-D

[dougwilson]

Sorry, didn't even look at this reply until I pushed the fix ;) I'll have it published to npm in just a little bit.

[busticated]

oh no sweat! again, i figured :)

thanks a bunch! :+1:

[dougwilson]

Thank you for the report :) Published as 1.6.2