forked from tungstenfabric/tf-webui-third-party
-
Notifications
You must be signed in to change notification settings - Fork 0
/
Copy pathcsurf_1.10.0_1.patch
42 lines (39 loc) · 1.28 KB
/
csurf_1.10.0_1.patch
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
--- node_modules/csurf/index.js 1985-10-26 01:15:00.000000000 -0700
+++ node_modules/csurf/index.js 2019-09-08 11:02:27.000000000 -0700
@@ -65,7 +65,17 @@
// generate lookup
var ignoreMethod = getIgnoredMethods(ignoreMethods)
+ // get csrf invalid event emitter
+ var invalidEventEmitter = opts.eventEmitter;
+
return function csrf (req, res, next) {
+ var xAuthToken = req.headers['x-auth-token'];
+ if (null != xAuthToken) {
+ /* This request validity gets checked by validating x-auth-token value
+ */
+ return next();
+ }
+
// validate the configuration against request
if (!verifyConfiguration(req, sessionKey, cookie)) {
return next(new Error('misconfigured csrf'))
@@ -109,12 +119,16 @@
// verify the incoming token
if (!ignoreMethod[req.method] && !tokens.verify(secret, value(req))) {
- return next(createError(403, 'invalid csrf token', {
- code: 'EBADCSRFTOKEN'
- }))
+ if (invalidEventEmitter && typeof invalidEventEmitter.emit === 'function') {
+ invalidEventEmitter.emit('csrfInvalidated', req, res);
+ } else {
+ return next(createError(403, 'invalid csrf token', {
+ code: 'EBADCSRFTOKEN'
+ }))
+ }
+ } else {
+ next();
}
-
- next()
}
}