krakenjs / lusca

Application security for express apps.

CSRF: Disable error log? #62

Open uptownhr opened 9 years ago

uptownhr commented 9 years ago

Is there a way to disable the error logging when a "CSRF token missing" error is triggered? I guess someone is constantly trying to take advantage of my server; my logs are flooded with:

```
Error: CSRF token missing
data:    app.js:14113 -     at checkCsrf (/var/www/lovio/node_modules/lusca/lib/csrf.js:89:18)
data:    app.js:14113 -     at /var/www/lovio/node_modules/lusca/index.js:48:21
data:    app.js:14113 -     at xframe (/var/www/lovio/node_modules/lusca/lib/xframes.js:12:9)
data:    app.js:14113 -     at /var/www/lovio/node_modules/lusca/index.js:48:21
data:    app.js:14113 -     at xssProtection (/var/www/lovio/node_modules/lusca/lib/xssprotection.js:16:9)
data:    app.js:14113 -     at /var/www/lovio/node_modules/lusca/index.js:48:21
data:    app.js:14113 -     at lusca (/var/www/lovio/node_modules/lusca/index.js:53:9)
data:    app.js:14113 -     at Layer.handle [as handle_request] (/var/www/lovio/node_modules/express/lib/router/layer.js:95:5)
data:    app.js:14113 -     at trim_prefix (/var/www/lovio/node_modules/express/lib/router/index.js:312:13)
data:    app.js:14113 -     at /var/www/lovio/node_modules/express/lib/router/index.js:280:7
data:    app.js:14113 -     at Function.process_params (/var/www/lovio/node_modules/express/lib/router/index.js:330:12)
data:    app.js:14113 -     at next (/var/www/lovio/node_modules/express/lib/router/index.js:271:10)
data:    app.js:14113 -     at /var/www/lovio/node_modules/express-flash/lib/express-flash.js:31:7
data:    app.js:14113 -     at /var/www/lovio/node_modules/express-flash/node_modules/connect-flash/lib/flash.js:21:5
data:    app.js:14113 -     at /var/www/lovio/node_modules/express-flash/lib/express-flash.js:22:5
data:    app.js:14113 -     at Layer.handle [as handle_request] (/var/www/lovio/node_modules/express/lib/router/layer.js:95:5)
data:    app.js:14113 -     at trim_prefix (/var/www/lovio/node_modules/express/lib/router/index.js:312:13)
data:    app.js:14113 -     at /var/www/lovio/node_modules/express/lib/router/index.js:280:7
data:    app.js:14113 -     at Function.process_params (/var/www/lovio/node_modules/express/lib/router/index.js:330:12)
data:    app.js:14113 -     at next (/var/www/lovio/node_modules/express/lib/router/index.js:271:10)
data:    app.js:14113 -     at SessionStrategy.strategy.pass (/var/www/lovio/node_modules/passport/lib/middleware/authenticate.js:318:9)
data:    app.js:14113 -     at SessionStrategy.authenticate (/var/www/lovio/node_modules/passport/lib/strategies/session.js:67:10)
```

jonathansamines commented 6 years ago

Not sure if this issue is still relevant, but it seems like either the Express default error handling or a custom error handling is generating this log.

If it is a custom error handling, you will have to manually exclude the CSRF errors; if you are using the default one, then a custom one should be provided, which should exclude the CSRF errors as well.

Either way, you will have to check for errors with a method similar to this
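
An added example, not part of the original comment and not lusca's own code: an Express-style error-handling middleware that answers CSRF rejections with a 403 and logs one short line per client per time window instead of a full stack trace, which goes a step beyond plain exclusion so the rejections stay visible for monitoring. The names `isCsrfError` and `createCsrfAwareErrorHandler`, the options, and matching on the `CSRF token ` message prefix seen in the trace above are assumptions.

```javascript
// Assumption: CSRF failures are recognised by the message prefix shown in the
// issue's trace ("CSRF token missing"); the page shows no dedicated error code.
function isCsrfError(err) {
  return err instanceof Error && /^CSRF token /.test(err.message);
}

// Hypothetical factory. Register the returned function after all routes,
// e.g. app.use(createCsrfAwareErrorHandler()), so lusca's next(err) reaches it.
function createCsrfAwareErrorHandler(options = {}) {
  const log = options.log || console;
  const windowMs = options.windowMs || 60000;
  const maxClients = options.maxClients || 10000; // bound memory under floods
  const now = options.now || Date.now;
  const seen = new Map(); // client ip -> { start, count }

  return function csrfAwareErrorHandler(err, req, res, next) {
    if (!isCsrfError(err)) {
      return next(err); // other errors keep their normal handling and stack
    }
    const t = now();
    const ip = req.ip || 'unknown';
    let entry = seen.get(ip);
    if (!entry || t - entry.start >= windowMs) {
      if (entry && entry.count > 1) {
        // Summarise what was suppressed in the previous window.
        log.warn(`csrf rejected: ${entry.count - 1} more from ip=${ip} suppressed`);
      }
      if (seen.size >= maxClients) seen.clear();
      entry = { start: t, count: 0 };
      seen.set(ip, entry);
    }
    entry.count += 1;
    if (entry.count === 1) {
      // JSON.stringify keeps a hostile URL from breaking the log line format.
      log.warn(`csrf rejected: ${err.message} ${req.method} ` +
               `url=${JSON.stringify(req.originalUrl)} ip=${ip}`);
    }
    res.statusCode = 403;
    res.end('Forbidden');
  };
}
```
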