remove builtin csrf verification

This commit is contained in:
Evert Prants 2022-03-20 18:28:51 +02:00
parent 2877dac937
commit a440d1f4ac
Signed by: evert
GPG Key ID: 1688DA83D222D0B5
2 changed files with 0 additions and 18 deletions

View File

@ -154,18 +154,6 @@ export const authorization = wrap(async (req, res) => {
return oauth2.decision(req, res, client, scope, user, redirectUri); return oauth2.decision(req, res, client, scope, user, redirectUri);
} }
// Consent pushed, ensure valid session
const {
session: { csrf },
} = req;
if (
req.method === 'POST' &&
csrf &&
!(req.body.csrf && req.body.csrf === csrf)
) {
throw new InvalidRequest('Invalid session');
}
// Save consent // Save consent
if (!consented) { if (!consented) {
if (!req.body || typeof req.body.decision === 'undefined') { if (!req.body || typeof req.body.decision === 'undefined') {

View File

@ -7,9 +7,3 @@ declare global {
} }
} }
} }
declare module 'express-session' {
interface SessionData {
csrf: string;
}
}