Merge pull request #499 from finos/492-error-csrf-token-missing
Re-introduce CSRF protection with Lusca ❤️ #497
JamieSlome authored Mar 25, 2024
2 parents a6717e4 + 0285857 commit ad05a96
Showing 3 changed files with 23 additions and 0 deletions.
20 changes: 20 additions & 0 deletions package-lock.json


1 change: 1 addition & 0 deletions package.json
@@ -44,6 +44,7 @@
"jsonschema": "^1.4.1",
"load-plugin": "^6.0.0",
"lodash": "^4.17.21",
"lusca": "^1.7.0",
"moment": "^2.29.4",
"mongodb": "^5.0.0",
"nodemailer": "^6.6.1",
2 changes: 2 additions & 0 deletions src/service/index.js
@@ -4,6 +4,7 @@ const http = require('http');
const cors = require('cors');
const app = express();
const rateLimit = require('express-rate-limit');
const lusca = require('lusca');

const limiter = rateLimit({
windowMs: 15 * 60 * 1000, // 15 minutes
@@ -40,6 +41,7 @@ const start = async () => {
app.use(express.json());
app.use(express.urlencoded({ extended: true }));
app.use('/', routes);
app.use(lusca.csrf());

await _httpServer.listen(uiPort);

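Review bot: `app.use(lusca.csrf());` is registered after `app.use('/', routes);` in `start`, and Express runs middleware in registration order, so any request that a route handler answers never reaches the CSRF check; as placed, it only sees requests that fall through the router. Mount it before the router and after the body parsers, i.e. `app.use(lusca.csrf());` followed by `app.use('/', routes);`, so that state-changing routes are actually covered. lusca's CSRF middleware also relies on session middleware being registered earlier; `start` begins and continues outside this hunk, so confirm the session setup runs before this call. Once the check is live the UI must send the token on its state-changing requests, and a test asserting that a POST without a token is rejected would keep the ordering from regressing.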
