Closed LeXXik closed 10 years ago
I'm not sure what the issue is.
I think that if this.request.body is absent from a request, then the csrf module should either look elsewhere, or handle an error.
This module doesn't ever check this.request.body
Hmm, sorry if I misunderstand something - I'm still learning, but isn't it on line 174 with this.assertCSRF(this.request.body)?
TypeError: Cannot read property '_csrf' of null
    at Object.context.assertCSRF.context.assertCsrf (.../node_modules/koa-csrf/index.js:81:52)
    at Object.exports.middleware (.../node_modules/koa-csrf/index.js:174:10)
Oh shoot, that was added by someone else. I only added the methods.
It's easier just to use the methods directly vs. making the middleware act the way you wan
Well, I think the problem is
typeof body == 'object' && body._csrf
in assertCsrf. I'll fix it.
I am using AngularJS on the client side, which sends form data to the server. The form is trivial: username and password. AngularJS has a default action: it looks for a cookie 'XSRF-TOKEN' with a token value set by the server, modifies the request headers by adding 'X-XSRF-TOKEN' to the request headers and sends it to the server using its $http module.
The problem arises when an "empty" request is made - when a user clicks the login button without entering any data into the fields. In that case this.request.body is null.
I now do form validation on the client side to disable the sending of an empty body, as well as an early validation on the server side to check the presence of this.request.body after parsing the request. But it feels kind of patchy and might break future requests, where a body is actually not required.
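The null-body failure discussed in this thread, as an added example that is not part of the original issue or koa-csrf's own code: the quoted check beside a null-safe lookup that falls back to the 'X-XSRF-TOKEN' header and rejects with a 403 when no token is present. The function names and the sample requests are hypothetical.

```javascript
// Added example; function names are hypothetical, not koa-csrf's API.

// The check quoted in the thread. typeof null is 'object', so a null body
// passes the first test and reading body._csrf throws a TypeError.
function tokenFromBodyOriginal(body) {
  return typeof body == 'object' && body._csrf;
}

// Null-safe lookup: body field first, then the header that AngularJS's
// $http adds. `request` mimics the shape of this.request: { body, headers }.
function extractCsrfToken(request) {
  const body = request.body;
  if (body !== null && typeof body === 'object' &&
      typeof body._csrf === 'string') {
    return body._csrf;
  }
  const headers = request.headers || {};
  // Node lower-cases incoming header names.
  const header = headers['x-xsrf-token'];
  return typeof header === 'string' && header.length > 0 ? header : null;
}

// Fail closed: a missing token becomes a 403 instead of an unhandled
// exception (Koa's default error handling reads err.status).
function requireCsrfToken(request) {
  const token = extractCsrfToken(request);
  if (token === null) {
    const err = new Error('invalid csrf token');
    err.status = 403;
    throw err;
  }
  return token;
}

// Constructed sample requests: an "empty" login with and without the header.
const emptyLogin = { body: null, headers: { 'x-xsrf-token': 'tok-123' } };
const noToken = { body: null, headers: {} };
```

The returned token still has to be verified against the session's secret; this block only covers where the token is read from and what happens when it is absent.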