fix: CSRF handler to go back to saving in session (#10159)

isekai-main
Julian Lam 3 years ago committed by GitHub
parent 03f5cbcce1
commit e9ee843b27
No known key found for this signature in database
GPG Key ID: 4AEE18F83AFDEB23

@ -472,8 +472,6 @@ authenticationController.logout = async function (req, res, next) {
await destroyAsync(req);
res.clearCookie(nconf.get('sessionKey'), meta.configs.cookie.get());
req.uid = 0;
req.headers['x-csrf-token'] = req.csrfToken();
await user.setUserField(uid, 'lastonline', Date.now() - (meta.config.onlineCutoff * 60000));
await db.sortedSetAdd('users:online', Date.now() - (meta.config.onlineCutoff * 60000), uid);
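Review bot: Calling `req.csrfToken()` after `await destroyAsync(req)` cannot be relied on once the CSRF secret lives in the session, and this rendering has lost its +/- markers, so it is unclear whether `req.headers['x-csrf-token'] = req.csrfToken();` survives on the new side. If it does, csurf has no `req.session` to read the secret from at that point and would be expected to throw. If it is one of the two dropped lines, a short comment after the destroy call would record why, e.g. `// session destroyed: no CSRF token can be issued until a new session exists`. In both cases the client is left holding a token bound to the destroyed session, so the post-logout flow should be checked to fetch a fresh one before its next state-changing request. The logout function starts and ends outside this hunk.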

@ -34,17 +34,11 @@ middleware.regexes = {
timestampedUpload: /^\d+-.+$/,
};
const csurfMiddleware = csrf({
cookie: nconf.get('url_parsed').protocol === 'https:' ? {
secure: true,
sameSite: 'Strict',
httpOnly: true,
} : true,
});
const csrfMiddleware = csrf();
middleware.applyCSRF = function (req, res, next) {
if (req.uid >= 0) {
csurfMiddleware(req, res, next);
csrfMiddleware(req, res, next);
} else {
next();
}
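Review bot: `const csrfMiddleware = csrf();` with no options keeps the token secret in `req.session`, so `middleware.applyCSRF` now silently depends on the session middleware having run first, and nothing near the declaration says so. I would add a comment above it such as `// secret is stored in req.session: mount after the session middleware; cookie hardening now comes from the session cookie config`. The `cookie: { secure, sameSite: 'Strict', httpOnly }` block appears to be the old side (markers are lost in this rendering), so it is worth confirming that the session cookie carries equivalent flags on HTTPS. Because the guard is `req.uid >= 0`, guests with uid 0 also pass through here, which presumably causes a session to be persisted for them; check that the session store's expiry covers that. applyCSRF's closing lines fall outside the hunk.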
