Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

Question: omitted options do not set defaults in this.tokens #44

Closed
jcalfee opened this issue Nov 4, 2017 · 1 comment
Closed

Question: omitted options do not set defaults in this.tokens #44

jcalfee opened this issue Nov 4, 2017 · 1 comment

Comments

@jcalfee
Copy link

jcalfee commented Nov 4, 2017

If opts is omitted, this.tokens = csrf(opts) is created without the default values .. all the default values went into this.opts .. So either that is a bug or the code could probably be clearer commenting why this is the case and perhaps moving this.tokens = csrf(opts); closer to the top.

I think the fix is to change:
this.tokens = csrf(opts);
to
this.tokens = csrf(this.opts);

  constructor(opts) {

    this.opts = opts || {};

    if (!this.opts.invalidSessionSecretMessage)
      this.opts.invalidSessionSecretMessage = 'Invalid session secret';

    if (!this.opts.invalidSessionSecretStatusCode)
      this.opts.invalidSessionSecretStatusCode = 403;

    if (!this.opts.invalidTokenMessage)
      this.opts.invalidTokenMessage = 'Invalid CSRF token';

    if (!this.opts.invalidTokenStatusCode)
      this.opts.invalidTokenStatusCode = 403;

    if (!this.opts.excludedMethods)
      this.opts.excludedMethods = [ 'GET', 'HEAD', 'OPTIONS' ];

    if (typeof this.opts.disableQuery !== 'boolean')
      this.opts.disableQuery = false;

    this.tokens = csrf(opts);

    return this.middleware;

}

https://github.com/koajs/csrf/blob/master/src/index.js#L13
stephenmathieson added a commit that referenced this issue Nov 4, 2017
@stephenmathieson
fix options and misc cleanup
eb6a6b4 
closes #44
@stephenmathieson stephenmathieson mentioned this issue Nov 4, 2017
Closed
@stephenmathieson
Copy link
Contributor

It's a bug for sure. Fixed in #45

Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Assignees
No one assigned
Labels
None yet
Projects
None yet
Milestone
No milestone
Development

Successfully merging a pull request may close this issue.

fix options koajs/csrf
2 participants
@jcalfee @stephenmathieson