/**
 * Express-style middleware that runs the CSRF check only when
 * `process.env.MC_ENV` is exactly 'production', and skips it for POSTs to a
 * fixed list of URLs.
 *
 * Sets `req.csrfNeeded` (production only): `false` for an exempt POST,
 * `true` for every other request. Outside production the flag is left unset.
 *
 * `csrf` is defined outside this listing; presumably the CSRF middleware
 * instance in use. Confirm against the rest of the file.
 *
 * @param {object} req - Incoming request; `req.method` and `req.url` are read.
 * @param {object} res - Response, passed through to `csrf`.
 * @param {Function} next - Continuation invoked when no CSRF check is made.
 */
var conditionalCSRF = function (req, res, next) {
  // NOTE(review): this fails open. Any MC_ENV value other than the exact
  // string 'production' (unset, typo, different case) disables CSRF checking
  // for every route. Consider failing closed and opting out explicitly.
  if (process.env.MC_ENV !== 'production') {
    next();
    return;
  }

  // POSTs to these URLs bypass the CSRF check (OAuth2 and API endpoints).
  // NOTE(review): each exempt route has to authenticate the request some
  // other way. Confirm this per endpoint, in particular for the sign-in and
  // authorization-decision routes, which look browser-facing.
  var csrfExemptUrls = [
    '/oauth2/authorize/decision',
    '/oauth2/token',
    '/oauth2/signin',
    '/api/users/current',
    '/events/listener'
  ];

  // The comparison is an exact string match on req.url, so a request carrying
  // a query string is not exempt and still goes through csrf().
  var isExemptPost =
    req.method === 'POST' && csrfExemptUrls.indexOf(req.url) >= 0;

  req.csrfNeeded = !isExemptPost;

  if (isExemptPost) {
    next();
    return;
  }

  // Logs every CSRF-checked request. req.url includes the query string, so
  // anything sensitive passed in query parameters ends up in the log.
  console.log('csrf(): ', req.method, req.url);
  csrf(req, res, next);
};

// Registered without a path, so it runs for every request reaching `app`.
app.use(conditionalCSRF);