classifying no csrf token as separate error than csrf mismatch

krakenjs / lusca

Application security for express apps.

Other

1.79k stars 122 forks source link

classifying no csrf token as separate error than csrf mismatch #49

Closed skoranga closed 9 years ago

skoranga commented 9 years ago

Right now, there is no way to identify if the request has no csrf token or bad csrf token. This PR is to address the same and get more visibility around csrf errors.

jasisk commented 9 years ago

Seems reasonable to me. :+1:

pvenkatakrishnan commented 9 years ago

:+1:

jasisk commented 9 years ago

landed in v1.0.3

skoranga commented 9 years ago

thanks @jasisk. but https://github.com/krakenjs/lusca/blob/master/package.json#L3 still pointing to 1.0.2. Looks like you forgot to merge v1.0.3 to master.

jasisk commented 9 years ago

Whomp whomp. Tagged, published, just not pushed to github. :) Fixed.