Closed joegalley closed 6 years ago
I'm not sure how koa-csrf intercepts HTTP requests - does it matter if I set my koa-router middleware before or after setting koa-csrf?
koa-csrf
koa-router
This is what I'm using now:
server.use(new CSRF({ invalidSessionSecretMessage: 'Invalid session secret', invalidSessionSecretStatusCode: 403, invalidTokenMessage: 'Invalid CSRF token', invalidTokenStatusCode: 403, excludedMethods: ['GET', 'HEAD', 'OPTIONS'], disableQuery: false })); server.use(router.routes());
You should use koa-csrf before you define your routes. Generally speaking, global middleware should always be "first" in your stack.
I'm not sure how
koa-csrf
intercepts HTTP requests - does it matter if I set mykoa-router
middleware before or after settingkoa-csrf
?This is what I'm using now: