Add csrf protection
parent
e65d55a3f7
commit
3ae67f6fa9
|
@ -43,6 +43,7 @@
|
|||
"compression": "^1.6.0",
|
||||
"connect-mongo": "~1.1.0",
|
||||
"cookie-parser": "^1.4.0",
|
||||
"csurf": "^1.8.3",
|
||||
"debug": "^2.2.0",
|
||||
"dedent": "~0.6.0",
|
||||
"dotenv": "^2.0.0",
|
||||
|
|
|
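Review bot: The new `"csurf": "^1.8.3"` entry adds a security-critical dependency on a caret range, so the resolved version can move forward without review unless a lockfile pins it. The csurf package was later deprecated and archived by its maintainers, so check its current maintenance status before relying on it as the only CSRF control. If it stays, record the exact resolved version in the lockfile and include it in dependency audits.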
@ -42,6 +42,7 @@
|
|||
"helmet#xssFilter": {},
|
||||
"helmet#noSniff": {},
|
||||
"helmet#frameguard": {},
|
||||
"./middlewares/csurf": {},
|
||||
"./middlewares/constant-headers": {},
|
||||
"./middlewares/csp": {},
|
||||
"./middlewares/express-rx": {},
|
||||
|
|
|
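Review bot: The `./middlewares/csurf` entry is placed after the helmet entries, but the hunk does not show where cookie-parser and the body parser are registered; the enclosing object starts and ends outside the hunk. With `cookie: true`, csurf reads its secret from `req.cookies`, and by default it looks for the submitted token in the parsed body, the query string or a header. Both parsers therefore have to run in an earlier phase, otherwise requests fail as misconfigured or every state-changing request is rejected. Because the entry is registered globally, also confirm that non-browser endpoints (webhooks, token-authenticated API routes) are deliberately exempted or send the token.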
@ -0,0 +1,5 @@
|
|||
import csurf from 'csurf';
|
||||
|
||||
export default function() {
|
||||
return csurf({ cookie: true });
|
||||
}
|
|
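Review bot: `csurf({ cookie: true })` stores the CSRF secret in a cookie created with the library's default options, which leaves it readable from page script and allowed over plain HTTP. Pass explicit options instead, e.g. `return csurf({ cookie: { httpOnly: true, secure: process.env.NODE_ENV === 'production' } });`. package.json in this commit lists connect-mongo, so if sessions are in use, the default session-backed mode (`csurf()`) would keep the secret server-side, which holds up better than the cookie variant when sibling subdomains can set cookies. A handler for the `EBADCSRFTOKEN` error code would also give rejected requests a clear 403 response instead of the generic error path.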
@ -2,6 +2,7 @@ export default function globalLocals() {
|
|||
return function(req, res, next) {
|
||||
// Make user object available in templates.
|
||||
res.locals.user = req.user;
|
||||
res.locals._csrf = req.csrfToken();
|
||||
next();
|
||||
};
|
||||
}
|
||||
|
|
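Review bot: `req.csrfToken()` exists only after the csurf middleware has run, so `globalLocals` now depends on being registered after `./middlewares/csurf`, and nothing in the hunk documents that. The existing comment describes only the `user` line; add one above the new line such as `// Requires ./middlewares/csurf earlier in the chain; exposes the token for same-origin form templates.` Leaving the call unguarded is reasonable, since a missing csurf then fails loudly instead of silently serving unprotected forms, but the comment should say that this is intended. Templates should put `_csrf` only in hidden fields of same-origin POST forms, never in URLs or in forms that post to another origin. The `globalLocals` declaration itself is outside the hunk.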