Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

is it possible for me to disable csrf on particular route ? #2096

Closed
xr opened this issue Aug 11, 2014 · 2 comments
Closed

is it possible for me to disable csrf on particular route ? #2096

xr opened this issue Aug 11, 2014 · 2 comments

Comments

@xr
Copy link

xr commented Aug 11, 2014

say, if I want to disable csrf when posting data to this url -> /upload/image but, others keep on, how could I do that, i just notice in v10.0 in the bottom of config/csrf.js, there are some settings, but it seems that something related to cors and based on origin header, so is it possible to disable the particular route? thanks
@sgress454
Copy link
Member

Hi @chloetina. In the future please try posting support questions to Stackoverflow or our Google Group; this forum is for bug reports related to Sails core.

To answer your question, no, there is currently no per-route configuration for CSRF. The only way to disable it for a particular route would be to add some custom middleware after the session middleware that checks req.url, and if it matches /upload/image, places the CSRF token in req.params as if it had been send with the request.

@xr
Copy link
Author

xr commented Aug 13, 2014

@sgress454 ok, got it. thx for your answer

@pjpoirson pjpoirson mentioned this issue Aug 16, 2014
Merged
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Assignees
No one assigned
Labels
None yet
Milestone
No milestone
Development

No branches or pull requests
2 participants
@sgress454 @xr