Fix(csrf): Send csrf token for the /change-password path
Signed-off-by: Kaung Zin Hein <[email protected]>
Zen-cronic committed Oct 3, 2024
1 parent e855ee6 commit 8e7545d
Showing 1 changed file with 7 additions and 2 deletions.
9 changes: 7 additions & 2 deletions src/middleware/csrf.ts
@@ -10,7 +10,7 @@ const safePaths = [

export default function(): Middleware {

return (ctx, next) => {
return async (ctx, next) => {

/**
* There's 2 ways a user might be authenticated, via a session cookie or
@@ -21,7 +21,12 @@ export default function(): Middleware {
if (!ctx.session.user) return next();

if (!safeMethods.includes(ctx.method) && !safePaths.includes(ctx.path)) {
ctx.validateCsrf();
if(ctx.path === '/change-password'){
ctx.validateCsrf(await ctx.getCsrf());
}
else{
ctx.validateCsrf();
}
}

delete ctx.request.body?.['csrf-token'];
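Review bot: In the `/change-password` branch, `ctx.validateCsrf(await ctx.getCsrf())` appears to check the server-side token against itself rather than against anything the client submitted. Neither helper is defined in this hunk, but if `getCsrf()` returns the token held in the session, this call can never fail, and a state-changing request to the password-change endpoint from an authenticated session would pass without a valid token. I would keep the single `ctx.validateCsrf();` call for every path and fix the missing token where the change-password form is rendered, so the request carries `csrf-token` in its body like the other forms. If the special case has to stay, it needs a comment explaining why this path differs and a test that a request without a token is rejected. The middleware body continues past the end of this hunk.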