forked from github/codeql
-
Notifications
You must be signed in to change notification settings - Fork 0
Expand file tree
/
Copy pathcsurf_example.js
More file actions
34 lines (27 loc) · 1.04 KB
/
csurf_example.js
File metadata and controls
34 lines (27 loc) · 1.04 KB
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
// Adapted from https://github.com/expressjs/csurf, which is
// licensed under the MIT license; see file LICENSE.
var cookieParser = require('cookie-parser')
var csrf = require('csurf')
var bodyParser = require('body-parser')
var express = require('express')
// setup route middlewares
var csrfProtection = csrf({ cookie: true })
var parseForm = bodyParser.urlencoded({ extended: false })
// create express app
var app = express()
// parse cookies
// we need this because "cookie" is true in csrfProtection
app.use(cookieParser()) // $ Alert
app.get('/form', csrfProtection, function (req, res) { // OK
let newEmail = req.cookies["newEmail"];
// pass the csrfToken to the view
res.render('send', { csrfToken: req.csrfToken() })
})
app.post('/process', parseForm, csrfProtection, function (req, res) { // OK
let newEmail = req.cookies["newEmail"];
res.send('data is being processed')
})
app.post('/process_unsafe', parseForm, function (req, res) {
let newEmail = req.cookies["newEmail"];
res.send('data is being processed')
}) // $ RelatedLocation