Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

New option for csrf #2121

Merged
merged 3 commits into from
Aug 18, 2014
Merged

New option for csrf #2121

merged 3 commits into from
Aug 18, 2014

Commits on Aug 16, 2014

  1. New option for csrf 

    You can disable csrf for a route with module.exports.csrf.routesDisabled
    @pjpoirson
    pjpoirson committed Aug 16, 2014
    Configuration menu
    Copy the full SHA
    24dd95d View commit details
    Browse the repository at this point in the history

Commits on Aug 18, 2014

  1. Merge remote-tracking branch 'core/master'

    @pjpoirson
    pjpoirson committed Aug 18, 2014
    Configuration menu
    Copy the full SHA
    88fc410 View commit details
    Browse the repository at this point in the history

  2. New csrf test 

    CSRF config ::
    ...
    with CSRF set to {protectionEnabled: true, routesDisabled: '/user'}
        ✓ a POST request on /user without a CSRF token should result in a 200 response
        ✓ a POST request on /test without a CSRF token should result in a 403 response
    @pjpoirson
    pjpoirson committed Aug 18, 2014
    Configuration menu
    Copy the full SHA
    f2dbf6a View commit details
    Browse the repository at this point in the history