Fix emails and csrf

Jonathan Cremin 2018-08-11 12:08:16 +01:00
parent c6e420893a
commit 207c12973e
7 changed files with 80 additions and 138 deletions


@ -35,7 +35,14 @@ router.use(async (ctx, next) => {
await next();
});
router.use(new CSRF());
router.use(new CSRF({
invalidSessionSecretMessage: 'Invalid session secret',
invalidSessionSecretStatusCode: 403,
invalidTokenMessage: 'Invalid CSRF token',
invalidTokenStatusCode: 403,
excludedMethods: ['GET', 'HEAD', 'OPTIONS'],
disableQuery: false,
}));
router.use(views(path.join(__dirname, 'views'), {
extension: 'ejs',