Fixed autofill for HTTPS.

Added dummy API endpoint for autofill POST requests. Autofill also reads the CSRF token from cookies and doesn't require an 'about:blank' anymore on the forms.
2026-04-19 08:33:24 +02:00 · 2015-01-06 18:35:23 +09:00
parent 3e2628b235
commit 91b1861d8d
8 changed files with 46 additions and 14 deletions
--- a/lib/units/app/index.js
+++ b/lib/units/app/index.js
@@ -87,6 +87,15 @@ module.exports = function(options) {
  app.use(csrf())
  app.use(validator())

+  app.use(function(req, res, next) {
+    res.cookie('XSRF-TOKEN', req.csrfToken())
+    next()
+  })
+
+  app.all('/app/api/v1/dummy', function(req, res) {
+    res.send('')
+  })
+
  app.get('/', function(req, res) {
    res.render('index')
  })