fix: update csrf parser to accept csrf_token form value if present

2 years ago · ea95668a76
parent cc147ab31d
commit ea95668a76
2 changed files with 3 additions and 3 deletions
--- a/src/middleware/csrf.js
+++ b/src/middleware/csrf.js
@ -9,8 +9,8 @@ const {
 	getTokenFromRequest: (req) => {
 		if (req.headers['x-csrf-token']) {
 			return req.headers['x-csrf-token'];
-		} else if (req.query) {
-			return req.query._csrf;
+		} else if (req.body.csrf_token) {
+			return req.body.csrf_token;
 		}
 	},
 	size: 64,
--- a/src/routes/authentication.js
+++ b/src/routes/authentication.js
@ -172,7 +172,7 @@ Auth.reloadRoutes = async function (params) {

 	router.post('/register', middlewares, controllers.authentication.register);
 	router.post('/register/complete', middlewares, controllers.authentication.registerComplete);
-	router.post('/register/abort', Auth.middleware.applyCSRF, controllers.authentication.registerAbort);
+	router.post('/register/abort', middlewares, controllers.authentication.registerAbort);
 	router.post('/login', Auth.middleware.applyCSRF, Auth.middleware.applyBlacklist, controllers.authentication.login);
 	router.post('/logout', Auth.middleware.applyCSRF, controllers.authentication.logout);
 };