krakenjs / lusca

Application security for express apps.

req.csrfToken() not available anymore #21

Closed vernak2539 closed 10 years ago

vernak2539 commented 10 years ago

Just wondering about the thought process around not having req.csrfToken() available anymore.

I've been using version ~0.1.1 and it had this method. I think with the 1.0.0 release it was removed, and now you have to use req.session._csrf to get the token. Or am I thinking about this in the wrong way?

vernak2539 commented 10 years ago

Sorry for the initial one, just looked at your tests and found what I was looking for. Still wondering why the original function was removed.

jeffharrell commented 10 years ago

Pre-1.0 versions depended on connect's CSRF functionality, which exposed req.csrfToken(). It was implicitly removed because that dependency was removed to allow for custom CSRF implementations.

I can revisit adding this back in if there's a valid use case. Is what you were doing no longer supported, or was it just an interface change?

vernak2539 commented 10 years ago

Thanks for the response! Nope, I don't need it back. I was just wondering, and what you said makes sense. Seems like a good solution. Thanks for this!