I am currently working with a package that uses lusca for CSRF protection and discovered that blacklisting and whitelisting does not work as expected when I pass an array of more than 1 endpoints. However, if a string or an array with just 1 endpoint is passed, it works as expected.
I am currently working with a package that uses
lusca
for CSRF protection and discovered that blacklisting and whitelisting does not work as expected when I pass an array of more than 1 endpoints. However, if astring
or anarray
with just 1 endpoint is passed, it works as expected.Here is a simple scenario from my app:
This works as expected
This doesn't work as expected