From ea95668a76f85a9412975d8a85661cf011b9d085 Mon Sep 17 00:00:00 2001
From: psibean
Date: Fri, 17 Feb 2023 15:19:41 -0500
Subject: [PATCH] fix: update csrf parser to accept csrf_token form value if present

---
 src/middleware/csrf.js       | 4 ++--
 src/routes/authentication.js | 2 +-
 2 files changed, 3 insertions(+), 3 deletions(-)

diff --git a/src/middleware/csrf.js b/src/middleware/csrf.js
index e81c1ef200..f6af0c625b 100644
--- a/src/middleware/csrf.js
+++ b/src/middleware/csrf.js
@@ -9,8 +9,8 @@ const {
 	getTokenFromRequest: (req) => {
 		if (req.headers['x-csrf-token']) {
 			return req.headers['x-csrf-token'];
-		} else if (req.query) {
-			return req.query._csrf;
+		} else if (req.body.csrf_token) {
+			return req.body.csrf_token;
 		}
 	},
 	size: 64,
diff --git a/src/routes/authentication.js b/src/routes/authentication.js
index 62c1e15363..df7e33138b 100644
--- a/src/routes/authentication.js
+++ b/src/routes/authentication.js
@@ -172,7 +172,7 @@ Auth.reloadRoutes = async function (params) {
 	router.post('/register', middlewares, controllers.authentication.register);
 	router.post('/register/complete', middlewares, controllers.authentication.registerComplete);
-	router.post('/register/abort', Auth.middleware.applyCSRF, controllers.authentication.registerAbort);
+	router.post('/register/abort', middlewares, controllers.authentication.registerAbort);
 	router.post('/login', Auth.middleware.applyCSRF, Auth.middleware.applyBlacklist, controllers.authentication.login);
 	router.post('/logout', Auth.middleware.applyCSRF, controllers.authentication.logout);
 };
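Review bot: The new `else if (req.body.csrf_token)` branch in getTokenFromRequest dereferences `req.body` unguarded, so any request without an `x-csrf-token` header that reaches this middleware before a body parser has run (or with a body-less method) will throw a TypeError instead of being reported as a missing token; the removed branch at least guarded on `req.query` first. Guard the body the same way, `} else if (req.body && req.body.csrf_token) {`, so the function falls through to returning undefined and the CSRF library rejects the request with its normal error. This hunk also silently drops the `req.query._csrf` fallback, which is a reasonable hardening (tokens in query strings leak through logs and Referer headers) but is not mentioned in the commit message and will break any client still sending the token that way; a short comment such as `// token is accepted from the header or the form body only, never the query string` on the branch would make that intent explicit. The enclosing configuration object starts before this hunk.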
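Review bot: CSRF protection for the state-changing `/register/abort` POST now rests on `middlewares` containing `Auth.middleware.applyCSRF` rather than applying it explicitly; `middlewares` is assembled outside this hunk, so that cannot be confirmed from the diff. If it does include applyCSRF the change is fine and consistent with the `/register` and `/register/complete` routes above it, but a comment at the definition of `middlewares` along the lines of `// every POST route using this list depends on applyCSRF being included here` would guard against the token check being dropped later by accident. If it does not, the route has lost its CSRF check and `Auth.middleware.applyCSRF` should be added back alongside `middlewares`. The Auth.reloadRoutes function body begins before this hunk.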