Nemcio/NodeBB
1
0
Fork 0
mirror of https://github.com/NodeBB/NodeBB.git synced 2025-10-27 00:56:13 +01:00
Code Issues Packages Projects Releases Wiki Activity

fix: CSRF handler to go back to saving in session (#10159)

Browse Source
This commit is contained in:
Julian Lam
2022-01-14 13:38:24 -05:00
committed by GitHub
parent 03f5cbcce1
commit e9ee843b27
2 changed files with 2 additions and 10 deletions
Download Patch File Download Diff File Expand all files Collapse all files

2
src/controllers/authentication.js
View File

@@ -472,8 +472,6 @@ authenticationController.logout = async function (req, res, next) {
await destroyAsync(req); await destroyAsync(req);
res.clearCookie(nconf.get('sessionKey'), meta.configs.cookie.get()); res.clearCookie(nconf.get('sessionKey'), meta.configs.cookie.get());
req.uid = 0;
req.headers['x-csrf-token'] = req.csrfToken();
await user.setUserField(uid, 'lastonline', Date.now() - (meta.config.onlineCutoff * 60000)); await user.setUserField(uid, 'lastonline', Date.now() - (meta.config.onlineCutoff * 60000));
await db.sortedSetAdd('users:online', Date.now() - (meta.config.onlineCutoff * 60000), uid); await db.sortedSetAdd('users:online', Date.now() - (meta.config.onlineCutoff * 60000), uid);

10
src/middleware/index.js
View File

@@ -34,17 +34,11 @@ middleware.regexes = {
timestampedUpload: /^\d+-.+$/, timestampedUpload: /^\d+-.+$/,
}; };
const csurfMiddleware = csrf({ const csrfMiddleware = csrf();
cookie: nconf.get('url_parsed').protocol === 'https:' ? {
secure: true,
sameSite: 'Strict',
httpOnly: true,
} : true,
});
middleware.applyCSRF = function (req, res, next) { middleware.applyCSRF = function (req, res, next) {
if (req.uid >= 0) { if (req.uid >= 0) {
csurfMiddleware(req, res, next); csrfMiddleware(req, res, next);
} else { } else {
next(); next();
} }