[feature] Add configuration to csrf to be able to change default /csr…

…fToken route balderdashy#2366
konstantinzolotarev · Nov 5, 2014 · a4b73b1 · a4b73b1
1 parent b94460e
commit a4b73b1
Showing 1 changed file with 13 additions and 6 deletions.
diff --git a/lib/hooks/csrf/index.js b/lib/hooks/csrf/index.js
@@ -20,7 +20,8 @@ module.exports = function(sails) {
       // CSRF middleware protection, all non-GET requests must send '_csrf' parmeter
       // _csrf is a parameter for views, and is also available via GET at /csrfToken
       // TODO: move into csrf hook
-      csrf: false
+      csrf: false,
+
     },
 
     configure: function () {
@@ -29,15 +30,17 @@ module.exports = function(sails) {
           grantTokenViaAjax: true,
           protectionEnabled: true,
           origin: '-',
-          routesDisabled: '-'
+          routesDisabled: '-',
+          route: '/csrfToken'
         };
       }
       else if (sails.config.csrf === false) {
         sails.config.csrf = {
           grantTokenViaAjax: false,
           protectionEnabled: false,
           origin: '-',
-          routesDisabled: '-'
+          routesDisabled: '-',
+          route: '/csrfToken'
         };
       }
       // If user provides ANY object (including empty object), enable all default
@@ -47,11 +50,15 @@ module.exports = function(sails) {
           grantTokenViaAjax: true,
           protectionEnabled: true,
           origin: '-',
-          routesDisabled: '-'
+          routesDisabled: '-',
+          route: '/csrfToken'
         });
       }
+      // Create a route path for getting _csrf parameter
+      var csrfRoute = {};
+      csrfRoute[sails.config.csrf.route] = {target: csrfToken, cors: {origin: sails.config.csrf.origin, credentials:true}};
       // Add the csrfToken directly to the config'd routes, so that the CORS hook can process it
-      sails.config.routes["/csrfToken"] = {target: csrfToken, cors: {origin: sails.config.csrf.origin, credentials:true}};
+      sails.config.routes = sails.util.extend(csrfRoute, sails.config.routes);
     },
 
     initialize: function(cb) {
@@ -107,7 +114,7 @@ module.exports = function(sails) {
       });
 
       sails.on('router:after', function() {
-        sails.router.bind('/csrfToken', csrfToken, 'get', {cors: {origin: sails.config.csrf.origin, credentials: true}});
+        sails.router.bind(sails.config.csrf.route, csrfToken, 'get', {cors: {origin: sails.config.csrf.origin, credentials: true}});
       });
 
       cb();