[feat] Added Lusca middleware for CSRF [fixes #828] #997
Conversation
| // Lusca CSRF config | ||
| csrf: { | ||
| csrf: false, | ||
| csp: { /* ... */}, |
|
I didn't test but I believe the server route tests might break unless the csrf token is passed. Tests might need to be updated in order to handle the inclusion of this middleware. Just a heads-up before merging this in. |
| p3p: 'ABCDEF', | ||
| hsts: { maxAge: 31536000, // Forces HTTPS for one year | ||
| includeSubDomains: true, | ||
| preload: true }, |
There was a problem hiding this comment.
Between line 28/29?
There was a problem hiding this comment.
The comment is on 37, the newline should be before the } in 37.
|
@yilenpan see my comments. Overall, this is a great addition. |
|
Bumping milestone to 0.5.0 so we're not holding up 0.4.2 |
|
@lirantal any progress on this? |
|
I haven't had a chance to try out the changes introduced in this PR yet. |
|
@ilanbiala sure but let's see if @yilenpan wishes to get back to this for the required fixes (been a couple of months since), otherwise I'll take over. |
|
Hey fellas, sorry for being a little MIA, I've rebased pushed up the new changes. Seems to trip up the linter for some reason, so I'll try and figure that one out too :( |
|
Hmm.. Looks like there's an error in the |
|
Hey guys, middleware has been added and build is passing. Best -Y |
| @@ -43,6 +43,7 @@ | |||
| "helmet": "~0.9.1", | |||
| "jasmine-core": "~2.3.4", | |||
| "lodash": "~3.10.0", | |||
| "lusca": "^1.3.0", | |||
|
Left a line comment. Also, make sure the commit message matches the guidelines outlined in CONTRIBUTING.md. |
Added lusca for CSRF protection as per issue meanjs#828 Fixes meanjs#828
|
The Node.js 0.12 macosx build failed when trying to install protractor, all other builds passed. May want to rerun that test? |
|
Reran it. |
|
@lirantal LGTM, wanna take a look? |
|
Great.
|
[feat] Added Lusca middleware for CSRF [fixes #828]
|
Who is going to implement the frontend for the tokens? |
Added Lusca middleware for CSRF