Skip to content

Commit

Permalink
[feature] Add configuration to csrf to be able to change default /csr…
Browse files Browse the repository at this point in the history
…fToken route balderdashy#2366
  • Loading branch information
konstantinzolotarev committed Nov 5, 2014
1 parent 3f7b46d commit d786ff4
Showing 1 changed file with 11 additions and 5 deletions.
16 changes: 11 additions & 5 deletions lib/hooks/csrf/index.js
Original file line number Diff line number Diff line change
Expand Up @@ -29,15 +29,17 @@ module.exports = function(sails) {
grantTokenViaAjax: true,
protectionEnabled: true,
origin: '-',
routesDisabled: '-'
routesDisabled: '-',
route: '/csrfToken'
};
}
else if (sails.config.csrf === false) {
sails.config.csrf = {
grantTokenViaAjax: false,
protectionEnabled: false,
origin: '-',
routesDisabled: '-'
routesDisabled: '-',
route: '/csrfToken'
};
}
// If user provides ANY object (including empty object), enable all default
Expand All @@ -47,11 +49,15 @@ module.exports = function(sails) {
grantTokenViaAjax: true,
protectionEnabled: true,
origin: '-',
routesDisabled: '-'
routesDisabled: '-',
route: '/csrfToken'
});
}
// Create a route path for getting _csrf parameter
var csrfRoute = {};
csrfRoute[sails.config.csrf.route] = {target: csrfToken, cors: {origin: sails.config.csrf.origin, credentials:true}};
// Add the csrfToken directly to the config'd routes, so that the CORS hook can process it
sails.config.routes["/csrfToken"] = {target: csrfToken, cors: {origin: sails.config.csrf.origin, credentials:true}};
sails.config.routes = sails.util.extend(csrfRoute, sails.config.routes);
},

initialize: function(cb) {
Expand Down Expand Up @@ -107,7 +113,7 @@ module.exports = function(sails) {
});

sails.on('router:after', function() {
sails.router.bind('/csrfToken', csrfToken, 'get', {cors: {origin: sails.config.csrf.origin, credentials: true}});
sails.router.bind(sails.config.csrf.route, csrfToken, 'get', {cors: {origin: sails.config.csrf.origin, credentials: true}});
});

cb();
Expand Down

0 comments on commit d786ff4

Please sign in to comment.