added CSRF protection using csurf express middleware, fixes #455

2025-11-06 21:36:05 +01:00 · 2019-03-24 22:41:53 +01:00
parent f6413d095c
commit 9fc5d328b4
11 changed files with 87 additions and 15 deletions
--- a/src/views/desktop.ejs
+++ b/src/views/desktop.ejs
@@ -237,7 +237,8 @@
        activeDialog: null,
        sourceId: '<%= sourceId %>',
        maxSyncIdAtLoad: <%= maxSyncIdAtLoad %>,
-        instanceName: '<%= instanceName %>'
+        instanceName: '<%= instanceName %>',
+        csrfToken: '<%= csrfToken %>'
    };
    window.appCssNoteIds = <%- JSON.stringify(appCssNoteIds) %>;
 </script>