fastify2.js
// Fixture setup: creates the Fastify application that the routes below are
// attached to. `fp` (fastify-plugin) is used further down to wrap the function
// that registers the cookie and CSRF plugins.
const fastify = require('fastify')
const fp = require('fastify-plugin');
const app = fastify();
/**
 * Registers the cookie plugin and the CSRF plugin on the given Fastify instance.
 *
 * Registering `fastify-csrf` here does not by itself guard any route: in this
 * file only the route that passes `app.csrfProtection` as its `onRequest` hook
 * is marked as protected, and the POST route without that hook is marked as
 * lacking CSRF protection.
 *
 * @param {object} app - Fastify instance to register the plugins on.
 */
function plugin(app) {
// NOTE(review): `$ Alert` looks like an inline test expectation, i.e. the
// analysis is expected to report at the cookie plugin registration (cookie
// handling is set up while a state-changing route stays unprotected).
// Keep the marker on the same line as the call; confirm against the query's
// expected output.
app.register(require('fastify-cookie')); // $ Alert
app.register(require('fastify-csrf'));
}
// Register the cookie/CSRF plugins through fastify-plugin. Presumably the fp()
// wrapper is what makes `app.csrfProtection` (used by the last route) available
// on this outer instance rather than only inside the plugin's scope - confirm
// against the fastify-plugin documentation.
app.register(fp(plugin));
// Case 1: GET route without a CSRF hook. Marked OK: the handler returns a
// constant and changes no state.
app.route({
method: 'GET',
path: '/getter',
handler: async (req, reply) => { // OK
return 'hello';
}
})
// Case 2: POST route with no `onRequest: app.csrfProtection` hook. The handler
// reads session state and returns the request body, so a cross-site request
// carrying the user's cookies would be processed without a token check.
// The fix is the hook shown on the route that follows.
// unprotected route
app.route({
method: 'POST',
path: '/',
handler: async (req, reply) => { // lacks CSRF protection
// Bare property read of the session; it has no effect at runtime beyond the access.
req.session.blah;
return req.body
} // $ RelatedLocation
})
// Case 3: same handler shape, but the CSRF check runs as an `onRequest` hook
// before the handler.
// NOTE(review): this repeats the method and path of the previous route; the
// file reads as a static-analysis fixture rather than a server meant to start.
app.route({
method: 'POST',
path: '/',
onRequest: app.csrfProtection,
handler: async (req, reply) => { // OK - has CSRF protection
return req.body
}
})