I am trying to follow the instructions from lusca's docs, but I am not sure how to secure my endpoints with CSRF.
Here's what my code looks like:
var express = require("express");
var session = require('express-session');
var lusca = require('lusca');
const app = express();

// Session support is mounted first: lusca.csrf() below keeps its per-session
// CSRF secret in req.session.
const sessionOptions = {
  // Placeholder value. express-session signs the session ID cookie with this
  // secret, so a deployed app should load a long random value from
  // configuration instead of hard-coding it in source.
  secret: 'abc',
  resave: true,
  saveUninitialized: true,
};
app.use(session(sessionOptions));

// lusca.csrf() exposes the current token as res.locals._csrf and validates it
// only on state-changing methods; GET, HEAD and OPTIONS pass through unchecked.
app.use(lusca.csrf());
// Token hand-out endpoint: by the time this handler runs, lusca.csrf() has
// already placed the current token in res.locals._csrf.
// The token only works as a CSRF defence while other origins cannot read this
// response, so any CORS policy on this route should stay same-origin.
app.get('/', (req, res) => {
  const { _csrf: csrfToken } = res.locals;
  res.send({ csrfToken });
});
// but how to secure this endpoint? it's still accessible without any verification
// Reviewer note: this is expected. lusca.csrf() does not check GET, HEAD or
// OPTIONS requests, because CSRF protection targets state-changing requests
// (POST, PUT, DELETE, ...). On those, the client has to send the token back in
// the `_csrf` body field or the `x-csrf-token` header, otherwise lusca rejects
// the request. A GET handler should therefore stay read-only.
// CSRF protection is also not access control: limiting who may read /getItems
// takes authentication/authorization middleware in front of the route.
app.get('/getItems', (req, res) => {
  res.send('This endpoint is not secure');
});
So the question is: how do I secure the getItems endpoint?
via Ayman Jitan