krakenjs / lusca

Application security for express apps.

CSRF token missing for enctype="multipart/form-data" #70

Closed erbridge closed 8 years ago

erbridge commented 8 years ago

I'm using lusca without krakenjs and am trying to get CSRF working with an image upload. I am parsing the form later in my route logic using multer.

How can I get CSRF to work with this?

jasisk commented 8 years ago

multer will have to be earlier in the continuation than lusca as lusca needs to pluck the token off of the body (which isn't parsed until the multer middleware).

erbridge commented 8 years ago

That's impractical for my use case. Alternatively, is there a built-in way to exclude routes from requiring CSRF?

jasisk commented 8 years ago

Sure thing. Check out the section on Route paths in the expressjs guide on routing. Short version is you can write a regular expression with a negative lookahead assertion. I wrote a small demo project documenting some middleware registration patterns which includes a blacklist pattern leveraging this.

In your case, since you're using vanilla express, I'd recommend writing a true regular expression instead of the string-based pattern I used in the above example project.

Closing but feel free to continue the conversation.

erbridge commented 8 years ago

Ah. Didn't know you could do that. Still not ideal, but it'll suffice. Thanks.