Exclude dummy endpoint from CSRF check. It's used as a hack to enable autocomplete on certain fields.

2026-04-22 22:05:21 +02:00 · 2015-07-10 15:43:54 +09:00
parent b72943bc4d
commit 48b3d66d90
1 changed files with 7 additions and 4 deletions
--- a/lib/units/app/index.js
+++ b/lib/units/app/index.js
@@ -82,6 +82,13 @@ module.exports = function(options) {
  , authUrl: options.authUrl
  }))

+  // This needs to be before the csrf() middleware or we'll get nasty
+  // errors in the logs. The dummy endpoint is a hack used to enable
+  // autocomplete on some text fields.
+  app.all('/app/api/v1/dummy', function(req, res) {
+    res.send('OK')
+  })
+
  app.use(bodyParser.json())
  app.use(csrf())
  app.use(validator())
@@ -91,10 +98,6 @@ module.exports = function(options) {
    next()
  })

-  app.all('/app/api/v1/dummy', function(req, res) {
-    res.send('')
-  })
-
  app.get('/', function(req, res) {
    res.render('index')
  })