Nemcio/NodeBB
1
0
Fork 0
mirror of https://github.com/NodeBB/NodeBB.git synced 2025-10-26 16:46:12 +01:00
Code Issues Packages Projects Releases Wiki Activity

fix: CSRF handler to go back to saving in session (#10159)

Browse Source
This commit is contained in:
Julian Lam
2022-01-14 13:38:24 -05:00
committed by GitHub
parent 03f5cbcce1
commit e9ee843b27
2 changed files with 2 additions and 10 deletions
Download Patch File Download Diff File Expand all files Collapse all files

2
src/controllers/authentication.js
View File

@@ -472,8 +472,6 @@ authenticationController.logout = async function (req, res, next) {
await destroyAsync(req);
res.clearCookie(nconf.get('sessionKey'), meta.configs.cookie.get());
req.uid = 0;
req.headers['x-csrf-token'] = req.csrfToken();
await user.setUserField(uid, 'lastonline', Date.now() - (meta.config.onlineCutoff * 60000));
await db.sortedSetAdd('users:online', Date.now() - (meta.config.onlineCutoff * 60000), uid);

10
src/middleware/index.js
View File

@@ -34,17 +34,11 @@ middleware.regexes = {
timestampedUpload: /^\d+-.+$/,
};
const csurfMiddleware = csrf({
cookie: nconf.get('url_parsed').protocol === 'https:' ? {
secure: true,
sameSite: 'Strict',
httpOnly: true,
} : true,
});
const csrfMiddleware = csrf();
middleware.applyCSRF = function (req, res, next) {
if (req.uid >= 0) {
csurfMiddleware(req, res, next);
csrfMiddleware(req, res, next);
} else {
next();
}