From a0b7bff70cf80028410a824350cd71fd81c775b7 Mon Sep 17 00:00:00 2001
From: calzoneman
Date: Tue, 24 Feb 2015 10:48:51 -0600
Subject: [PATCH] Fix
---
 lib/web/csrf.js | 38 ++++++++++++++++++++++----------------
 lib/web/webserver.js | 2 +-
 2 files changed, 23 insertions(+), 17 deletions(-)
diff --git a/lib/web/csrf.js b/lib/web/csrf.js
index 77d62144..688370ca 100644
--- a/lib/web/csrf.js
+++ b/lib/web/csrf.js
@@ -7,25 +7,31 @@ var createError = require("http-errors");
 var tokens = csrf();
-exports.init = function csrfInit(req, res, next) {
- var secret = req.signedCookies._csrf;
- if (!secret) {
- secret = tokens.secretSync();
- res.cookie("_csrf", secret, { signed: true, httpOnly: true });
- }
-
- var token;
-
- req.csrfToken = function csrfToken() {
- if (token) {
- return token;
+exports.init = function csrfInit (domain) {
+ return function (req, res, next) {
+ var secret = req.signedCookies._csrf;
+ if (!secret) {
+ secret = tokens.secretSync();
+ res.cookie("_csrf", secret, {
+ domain: domain,
+ signed: true,
+ httpOnly: true
+ });
 }
- token = tokens.create(secret);
- return token;
- };
+ var token;
- next();
+ req.csrfToken = function csrfToken() {
+ if (token) {
+ return token;
+ }
+
+ token = tokens.create(secret);
+ return token;
+ };
+
+ next();
+ };
 };
 exports.verify = function csrfVerify(req) {
diff --git a/lib/web/webserver.js b/lib/web/webserver.js
index 68eabe68..f3cca33a 100644
--- a/lib/web/webserver.js
+++ b/lib/web/webserver.js
@@ -191,7 +191,7 @@ module.exports = {
 Logger.errlog.log("YOU SHOULD CHANGE THE VALUE OF cookie-secret IN config.yaml");
 }
 app.use(cookieParser(Config.get("http.cookie-secret")));
- app.use(csrf.init);
+ app.use(csrf.init(Config.get("http.root-domain-dotted")));
 app.use(morgan(LOG_FORMAT, {
 stream: require("fs").createWriteStream(path.join(__dirname, "..", "..", "http.log"), {
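Review bot: The `domain: domain` option added to the `res.cookie("_csrf", …)` call in lib/web/csrf.js widens the CSRF secret cookie from the issuing host to every host under the configured root domain, and nothing in the new code records that trust change. The secret is read back from `req.signedCookies._csrf` without being tied to a login session, so the protection now depends on every subdomain being equally trusted to read and set this cookie; a comment above the call such as `// Shared with all subdomains of the root domain: every host under it can read and replace this secret` would make that explicit. The options also omit `secure`, so if the site is served over HTTPS (not visible in this patch) consider adding `secure: true` behind a config switch. Because `csrf.init` changes from a middleware into a factory, any `app.use(csrf.init)` call site outside this patch would need the same update as the one in webserver.js.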