diff options
| author | Jules Laplace <julescarbon@gmail.com> | 2017-12-15 09:17:17 +0100 |
|---|---|---|
| committer | Jules Laplace <julescarbon@gmail.com> | 2017-12-15 09:17:17 +0100 |
| commit | 38b3faf1faa645258044201ab8d7429c84bb2b98 (patch) | |
| tree | 8a35569a4aef9736f676f564a4e7b8b847d5fc3e /bucky | |
| parent | ead7e4c6b383f53c2beb66f29510a457dc0b6ed8 (diff) | |
fuck csrf
Diffstat (limited to 'bucky')
| -rw-r--r-- | bucky/app/index.js | 10 | ||||
| -rw-r--r-- | bucky/util/federate.js | 2 | ||||
| -rw-r--r-- | bucky/util/middleware.js | 2 |
3 files changed, 7 insertions, 7 deletions
diff --git a/bucky/app/index.js b/bucky/app/index.js index 63a285d..29017b1 100644 --- a/bucky/app/index.js +++ b/bucky/app/index.js @@ -55,12 +55,12 @@ site.init = function(){ })) upload.init() - federate.route(app) +// federate.route(app) - app.use(csurf({ - cookie: true, - value: (req) => { req.headers['csrf-token'] } - })) +// app.use(csurf({ +// cookie: true, +// value: (req) => { req.headers['csrf-token'] } +// })) app.disable('x-powered-by') app.use(express.query()) diff --git a/bucky/util/federate.js b/bucky/util/federate.js index e94c722..95c61c5 100644 --- a/bucky/util/federate.js +++ b/bucky/util/federate.js @@ -60,8 +60,8 @@ module.exports = { return db.getFilesForThread(req.params.id) }).then(files => { var promises = files.map(file => { - storeFile(file) file.set('thread', thread_id) + storeFile(file) return send("file", file) }) return promises diff --git a/bucky/util/middleware.js b/bucky/util/middleware.js index 20ec323..47633da 100644 --- a/bucky/util/middleware.js +++ b/bucky/util/middleware.js @@ -9,7 +9,7 @@ var middleware = module.exports = { }, ensureLocals: function (req, res, next) { - res.locals.csrfToken = req.csrfToken() + res.locals.csrfToken = req.csrfToken ? req.csrfToken() : 'csrf' res.locals.title = "bucky" res.locals.env = process.env.NODE_ENV if (req.isAuthenticated()) { |