added CSRF protection using csurf express middleware, fixes #455

2025-11-06 21:36:05 +01:00 · 2019-03-24 22:41:53 +01:00
parent f6413d095c
commit 9fc5d328b4
11 changed files with 87 additions and 15 deletions
--- a/src/routes/custom.js
+++ b/src/routes/custom.js
@@ -4,6 +4,8 @@ const fileUploadService = require('./api/file_upload');
 const scriptService = require('../services/script');

 function register(router) {
+    // explicitly no CSRF middleware since it's meant to allow integration from external services
+
    router.all('/custom/:path*', async (req, res, next) => {
        // express puts content after first slash into 0 index element
        const path = req.params.path + req.params[0];