gaschz/trilium
1
0
Fork 0
mirror of https://github.com/zadam/trilium.git synced 2025-06-06 18:08:33 +02:00
Code Issues Actions Packages Projects Releases Wiki Activity

fix csrf path so that it's valid only for current path and not whole (sub)domain

Browse Source
This commit is contained in:
zadam 2019-03-24 23:03:30 +01:00
parent 6c7e2f0aa1
commit 001bd1d004
1 changed files with 4 additions and 1 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

5
src/routes/routes.js
View File

@ -40,7 +40,10 @@ const sql = require('../services/sql');
const protectedSessionService = require('../services/protected_session'); const protectedSessionService = require('../services/protected_session');
const csurf = require('csurf'); const csurf = require('csurf');
const csrfMiddleware = csurf({ cookie: true }); const csrfMiddleware = csurf({
cookie: true,
path: '' // nothing so cookie is valid only for current path
});
function apiResultHandler(req, res, result) { function apiResultHandler(req, res, result) {
// if it's an array and first element is integer then we consider this to be [statusCode, response] format // if it's an array and first element is integer then we consider this to be [statusCode, response] format