From 25b1e7178447a56a7e02ff71024cb99a6c0b1d14 Mon Sep 17 00:00:00 2001 From: Alice Gaudon Date: Fri, 28 Aug 2020 16:52:43 +0200 Subject: [PATCH] CSRFProtectionComponent: give more room for excluding requests --- src/components/CsrfProtectionComponent.ts | 12 ++++++------ 1 file changed, 6 insertions(+), 6 deletions(-) diff --git a/src/components/CsrfProtectionComponent.ts b/src/components/CsrfProtectionComponent.ts index 621e155..f1f2592 100644 --- a/src/components/CsrfProtectionComponent.ts +++ b/src/components/CsrfProtectionComponent.ts @@ -1,19 +1,19 @@ import ApplicationComponent from "../ApplicationComponent"; -import {Router} from "express"; +import {Request, Router} from "express"; import crypto from "crypto"; import {BadRequestError} from "../HttpError"; export default class CsrfProtectionComponent extends ApplicationComponent { - private static readonly routeExcluders: ((path: string) => boolean)[] = []; + private static readonly excluders: ((req: Request) => boolean)[] = []; - public static addRouteExcluder(excluder: (path: string) => boolean) { - this.routeExcluders.push(excluder); + public static addExcluder(excluder: (req: Request) => boolean) { + this.excluders.push(excluder); } public async handle(router: Router): Promise { router.use(async (req, res, next) => { - for (const excluder of CsrfProtectionComponent.routeExcluders) { - if (excluder(req.path)) return next(); + for (const excluder of CsrfProtectionComponent.excluders) { + if (excluder(req)) return next(); } if (!req.session) {