如何修改 express/node_modules/connect/lib/middleware/csrf.js
第一次接触这些东西,不太懂。
请问,这句话应该加在什么地方?
express/node_modules/connect/lib/middleware/csrf.js 添加: if (req.body && req.body.user_action === ‘upload_image’) return next();
6 回复
加在这里
module.exports = function csrf(options) {
var options = options || {}
, value = options.value || defaultValue;
return function(req, res, next){
// generate CSRF token
var token = req.session._csrf || (req.session._csrf = utils.uid(24));
if (req.body && req.body.user_action === 'upload_image') return next();
// ignore GET (for now)
if ('GET' == req.method) return next();
// determine value
var val = value(req);
// check
if (val != token) return utils.forbidden(res);
next();
}
};
直接改crsf.js的源代码不是很友好,可以用下面的方式来实现相同的效果
var csrf = express.csrf();
app.use(function(req, res, next){
// ignore uplaod image (for now)
if (req.body && req.body.user_action === 'upload_image')
return next();
csrf(req, res, next);
});
