Add csrf checking for cookie posts, fix file hotlinking

2015-08-10 11:44:47 +01:00 · 2015-08-10 11:44:47 +01:00 · b9c6598250
commit b9c6598250
parent 9ccf3d855e
7 changed files with 27 additions and 16 deletions
--- a/web/app.js
+++ b/web/app.js
@ -1,5 +1,6 @@
 import path from 'path';
 import koa from 'koa';
+import csrf from 'koa-csrf';
 import route from 'koa-route';
 import views from 'koa-views';
 import logger from 'koa-logger';
@ -36,6 +37,8 @@ const redisUrl = process.env.REDIS_URL || process.env.REDISTOGO_URL || 'redis://

 const app = koa();

+csrf(app);
+
 let statsdOpts = {prefix: 'hostr-web', host: process.env.STATSD_HOST || 'localhost'};
 let statsd = new StatsD(statsdOpts);
 app.use(function*(next) {