Open aravindsrivats opened 2 years ago
When a URL is added to be bypassed, CSRF is not set in the response which leads to subsequent POST requests throwing a 403. This change sets the CSRF token in res.locals before bypassing the validation.
res.locals
Fixes - https://github.com/krakenjs/lusca/issues/142
When a URL is added to be bypassed, CSRF is not set in the response which leads to subsequent POST requests throwing a 403. This change sets the CSRF token in
res.localsbefore bypassing the validation.Fixes - https://github.com/krakenjs/lusca/issues/142