Press n or j to go to the next uncovered block, b, p or k for the previous block.
1 2 3 4 5 6 7 8 9 10 11 12 13 14 15 16 17 18 19 20 21 22 | 15x 15x 15x | const debug = require('debug')('crowi:middlewares:csrfVerify') module.exports = (crowi, app) => { return (req, res, next) => { var token = req.body._csrf || req.query._csrf || null var csrfKey = (req.session && req.session.id) || 'anon' debug('req.skipCsrfVerify', req.skipCsrfVerify) if (req.skipCsrfVerify) { debug('csrf verify skipped') return next() } if (crowi.getTokens().verify(csrfKey, token)) { return next() } debug('csrf verification failed. return 403', csrfKey, token) return res.sendStatus(403) } } |