Problem description
I would like to remove csrf from my Express 3.0 application as I don't need it there. I use OAuth to validate clients. Is there a middleware to whitelist API urls when using express.csrf()?
Recommended answer
You can do it in two ways.
1.) Create a small middleware of your own that allows whitelisted url patterns not to be blocked by csrf, like:
var express = require("express");
// Note: express.csrf() relies on session middleware (express.cookieParser()
// and express.session()) being registered before it.
var expressCsrf = express.csrf();
// express.createServer() is deprecated in Express 3.x; call express() instead
var app = express();

// Exact-match whitelist of paths that skip the CSRF check
var whiteList = ["/pattern1/param1", "/pattern2/param2", "/pattern3/param3"];

var customCsrf = function (req, res, next) {
  // I assume exact match, but you can use regex match here
  var csrfEnabled = whiteList.indexOf(req.path) === -1;
  if (csrfEnabled) {
    expressCsrf(req, res, next);
  } else {
    next();
  }
};

app.use(customCsrf);
app.listen(3000);
2.) Use the csrf middleware on the controllers where you want to enable it. For example, if you want to use the csrf check on the profile save controller:
app.post("/profile/save", express.csrf(), function (req, res, next) {
  // put your code here
});
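The following is an added example, not code from the original question or answer: a stricter variant of the whitelist middleware from option 1 that skips the CSRF check only when the path is under an exempt prefix and the request carries a bearer token instead of relying on a session cookie. The names makeCsrfExemption, shouldSkipCsrf and the "/api/" prefix are assumptions for illustration, and the CSRF middleware is injected so the logic runs without Express.

```javascript
// Added example: CSRF exemption for token-authenticated API routes.
// csrfMiddleware is injected (e.g. express.csrf()) so this runs without Express.
function makeCsrfExemption(csrfMiddleware, exemptPrefixes) {
  // Normalise prefixes once: lower-case, no trailing slash.
  var prefixes = exemptPrefixes.map(function (p) {
    return p.toLowerCase().replace(/\/+$/, "");
  });

  function isExemptPath(path) {
    var p = String(path || "").toLowerCase();
    // Fail closed on dot segments that a proxy might resolve differently.
    if (p.indexOf("..") !== -1) return false;
    return prefixes.some(function (prefix) {
      // Match the prefix itself or a sub-path; "/apiary" must not match "/api".
      return p === prefix || p.indexOf(prefix + "/") === 0;
    });
  }

  function hasBearerToken(req) {
    var header = (req.headers && req.headers.authorization) || "";
    return /^Bearer\s+\S+/i.test(header);
  }

  function shouldSkipCsrf(req) {
    return isExemptPath(req.path) && hasBearerToken(req);
  }

  function middleware(req, res, next) {
    if (shouldSkipCsrf(req)) return next();
    return csrfMiddleware(req, res, next);
  }
  middleware.shouldSkipCsrf = shouldSkipCsrf;
  return middleware;
}

// Constructed sample requests (not from the original post).
function demo() {
  var calls = [];
  var fakeCsrf = function (req, res, next) { calls.push("csrf:" + req.path); next(); };
  var mw = makeCsrfExemption(fakeCsrf, ["/api/"]);
  var noop = function () {};
  mw({ path: "/api/items", headers: { authorization: "Bearer abc123" } }, {}, noop);
  mw({ path: "/api/items", headers: { cookie: "sid=1" } }, {}, noop);
  mw({ path: "/apiary", headers: { authorization: "Bearer abc123" } }, {}, noop);
  mw({ path: "/profile/save", headers: {} }, {}, noop);
  return calls;
}
```

Only the first sample request bypasses the CSRF check; a cookie-only request to the same API path still goes through it, because a cross-site form submission carries cookies automatically but cannot set an Authorization header.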