remove builtin csrf verification
parent
2877dac937
commit
a440d1f4ac
@ -154,18 +154,6 @@ export const authorization = wrap(async (req, res) => {
|
|||||||
return oauth2.decision(req, res, client, scope, user, redirectUri);
|
return oauth2.decision(req, res, client, scope, user, redirectUri);
|
||||||
}
|
}
|
||||||
|
|
||||||
// Consent pushed, ensure valid session
|
|
||||||
const {
|
|
||||||
session: { csrf },
|
|
||||||
} = req;
|
|
||||||
if (
|
|
||||||
req.method === 'POST' &&
|
|
||||||
csrf &&
|
|
||||||
!(req.body.csrf && req.body.csrf === csrf)
|
|
||||||
) {
|
|
||||||
throw new InvalidRequest('Invalid session');
|
|
||||||
}
|
|
||||||
|
|
||||||
// Save consent
|
// Save consent
|
||||||
if (!consented) {
|
if (!consented) {
|
||||||
if (!req.body || typeof req.body.decision === 'undefined') {
|
if (!req.body || typeof req.body.decision === 'undefined') {
|
||||||
|
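Review bot: Nothing visible in this hunk now ties the consent POST to the user's session: after the `oauth2.decision` return the handler goes straight to `// Save consent` and reads `req.body.decision`. If anti-forgery protection has moved out of this handler (the title's "builtin" suggests it may have), say so at that point, e.g. `// CSRF is enforced upstream by <middleware name>; this handler does not re-check`. If nothing replaces it, a cross-site form post could record consent for a signed-in user, so the consent form needs a session-bound token check before the decision is read. The `authorization` handler starts and continues outside the hunk, so an existing guard there cannot be ruled out.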
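--- a/src/types/express/index.d.ts
+++ b/src/types/express/index.d.ts
@@ -7,9 +7,3 @@ declare global {
 }
 }
 }
-
-declare module 'express-session' {
-interface SessionData {
-csrf: string;
-}
-}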