
Exposed verify token. Fixes #43.

Open YourDeveloperFriend opened this issue 8 years ago • 15 comments

YourDeveloperFriend, Sep 14 '15 21:09

Please add some tests and documentation :)

dougwilson, Sep 14 '15 21:09

> Please add some tests and documentation :)

Done!

YourDeveloperFriend, Sep 15 '15 02:09

Thanks, looking good! The tests are failing in Node.js 0.12 and up, it looks like. Seems like just an issue in the tests themselves, I would guess.

dougwilson, Sep 18 '15 19:09

Awesome, I'll take a look at it in 0.12 and see if I can find out what's going on.

YourDeveloperFriend, Sep 21 '15 16:09

@YourDeveloperFriend @dougwilson Any update on the status of this PR? Tests seem to be passing and code approved - would be great to have access to this functionality without having to use a forked version. Happy to contribute if there's more work to be done.

camacho, Oct 27 '15 19:10

Hi @camacho, sorry, I didn't realize the issue was addressed, as there was no follow-up comment after "I'll take a look" and GitHub provides no notifications for when new commits are pushed to a PR, so it completely dropped off my radar.

dougwilson, Oct 28 '15 01:10

no worries @dougwilson - is there anything additional that needs to be done with this PR?

camacho, Oct 28 '15 17:10

This would be great to get implemented.. would be nice to base64 encode/decode or encrypt tokens during use.

mindvox, Jul 17 '16 17:07

Is there anything I could do to help move this along? I was about to fork myself to build this exact feature. I would very much prefer to be able to use the upstream library.

JustinLivi, Aug 10 '16 01:08

It was never merged?

alvarotrigo, Oct 31 '16 10:10

AFAIK there's nothing on my end that needs to happen. Please let me know if there's something that's missing from my PR.

YourDeveloperFriend, Oct 31 '16 15:10

How about getting this merged in. It has been 2 years...

iofluxdev1, Oct 13 '17 21:10

👍 For this feature. My use case is the same as #43 in that I'm validating state within an OAuth callback.

davidjb, Apr 19 '18 02:04

👍 for this. I also want to use csurf to validate state in an OAuth context.

jamesfiltness, May 01 '18 13:05

For anyone needing csurf in the context of an OAuth callback you can use the following as a middleware:

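```js
const express = require('express');
const csrf = require('csurf');

const router = express.Router();

// csurf's default setup keeps its secret in req.session, so session
// middleware has to run before this.
const csrfProtection = csrf({
  value: function(req) {
    // grab the csrf token from the query param
    return req.query.state;
  },
  // by default csurf ignores GET requests
  ignoreMethods: ['HEAD', 'OPTIONS'],
});
router.get('/', csrfProtection, require('./kloudless-oauth-callback'));
```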

jamesfiltness, May 03 '18 11:05
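
The OAuth `state` check this thread keeps asking for, as an added example that is not part of the thread and not csurf's code: a token is derived from a per-session secret before the redirect and verified by hand in the callback. The HMAC-SHA256 construction and the names `createStateToken`, `verifyStateToken` and `demo` are assumptions made for illustration.

```javascript
// Added example (not csurf's implementation): bind an OAuth `state` value
// to a per-session secret and verify it in the callback handler.
const crypto = require('crypto');

// HMAC-SHA256 over the salt, keyed with the session secret (assumed scheme).
function mac(secret, salt) {
  return crypto.createHmac('sha256', secret).update(salt).digest('hex');
}

// Called before redirecting to the provider; the result is sent as `state`.
function createStateToken(secret) {
  const salt = crypto.randomBytes(8).toString('hex');
  return `${salt}.${mac(secret, salt)}`;
}

// Called in the callback with the raw req.query.state value.
function verifyStateToken(secret, token) {
  // Express parses ?state=a&state=b as an array and ?state[x]=1 as an
  // object, so anything that is not a plain string is rejected.
  if (typeof secret !== 'string' || typeof token !== 'string') return false;
  const dot = token.indexOf('.');
  if (dot <= 0) return false;
  const expected = Buffer.from(mac(secret, token.slice(0, dot)));
  const actual = Buffer.from(token.slice(dot + 1));
  // timingSafeEqual throws on unequal lengths, so check the length first.
  return actual.length === expected.length &&
    crypto.timingSafeEqual(actual, expected);
}

// Constructed sample: two sessions, each with its own random secret.
function demo() {
  const sessionA = crypto.randomBytes(18).toString('hex');
  const sessionB = crypto.randomBytes(18).toString('hex');
  const state = createStateToken(sessionA);
  const flipped = state.slice(0, -1) + (state.endsWith('0') ? '1' : '0');
  return {
    sameSession: verifyStateToken(sessionA, state),
    otherSession: verifyStateToken(sessionB, state),
    tampered: verifyStateToken(sessionA, flipped),
    missing: verifyStateToken(sessionA, undefined),
    repeatedParam: verifyStateToken(sessionA, [state, state]),
  };
}

console.log(demo());
```

The token here is bound to the session secret only; it is not single-use and carries no expiry.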