dailyjs-contact-form-tutorial icon indicating copy to clipboard operation
dailyjs-contact-form-tutorial copied to clipboard

Published 20 hours ago verified publisher icon alexyoung

csrf useless

Open imskull opened this issue 11 years ago • 0 comments

I set a breakpoint at csrf.js: // check if (val != token) return next(403); << breakpoint here it never triggered whatever I did. the code is trying to protect res in '/public', but csrf is only avaliable on POST because: ..csrf.js.. // ignore these methods if ('GET' == req.method || 'HEAD' == req.method || 'OPTIONS' == req.method) return next(); it's very weird.

imskull avatar Nov 29 '13 16:11 imskull