From 7b9dbb5afd3618104dc1b2b06bfb7617471e3da1 Mon Sep 17 00:00:00 2001 From: gaba Date: Wed, 4 Jan 2017 12:24:01 -0300 Subject: [PATCH] Review changes. --- app.js | 6 ++++-- client/coral-admin/src/actions/users.js | 2 +- client/coral-framework/actions/auth.js | 6 +++--- 3 files changed, 8 insertions(+), 6 deletions(-) diff --git a/app.js b/app.js index 602c36320..eb515a0f1 100644 --- a/app.js +++ b/app.js @@ -73,8 +73,10 @@ app.use(session(session_opts)); app.use(cookieParser()); app.use((err, req, res, next) => { - res.locals._csrf = req.csrfToken(); - return next(); + if (req.method === 'POST') { + res.locals._csrf = req.csrfToken(); + } + next(); }); //============================================================================== diff --git a/client/coral-admin/src/actions/users.js b/client/coral-admin/src/actions/users.js index e570be292..30c20290f 100644 --- a/client/coral-admin/src/actions/users.js +++ b/client/coral-admin/src/actions/users.js @@ -9,7 +9,7 @@ export const userStatusUpdate = (status, userId, commentId) => { return (dispatch, getState) => { dispatch({type: actions.UPDATE_STATUS_REQUEST}); const _csrf = getState().auth.get('_csrf'); - return coralApi(`/users/${userId}/status`, {method: 'POST', body: {status: status, comment_id: commentId}, _csrf: _csrf}) + return coralApi(`/users/${userId}/status`, {method: 'POST', body: {status: status, comment_id: commentId}, _csrf}) .then(res => dispatch({type: actions.UPDATE_STATUS_SUCCESS, res})) .catch(error => dispatch({type: actions.UPDATE_STATUS_FAILURE, error})); }; diff --git a/client/coral-framework/actions/auth.js b/client/coral-framework/actions/auth.js index 28e4a6a3c..581fb729c 100644 --- a/client/coral-framework/actions/auth.js +++ b/client/coral-framework/actions/auth.js @@ -26,7 +26,7 @@ const signInFailure = error => ({type: actions.FETCH_SIGNIN_FAILURE, error}); export const fetchSignIn = (formData) => (dispatch, getState) => { dispatch(signInRequest()); const _csrf = getState().auth.get('_csrf'); - coralApi('/auth/local', {method: 'POST', body: formData, _csrf: _csrf}) + coralApi('/auth/local', {method: 'POST', body: formData, _csrf}) .then(({user}) => { const isAdmin = !!user.roles.filter(i => i === 'admin').length; dispatch(signInSuccess(user, isAdmin)); @@ -77,7 +77,7 @@ export const fetchSignUp = formData => (dispatch, getState) => { dispatch(signUpRequest()); const _csrf = getState().auth.get('_csrf'); - coralApi('/users', {method: 'POST', body: formData, _csrf: _csrf}) + coralApi('/users', {method: 'POST', body: formData, _csrf}) .then(({user}) => { dispatch(signUpSuccess(user)); setTimeout(() =>{ @@ -97,7 +97,7 @@ export const fetchForgotPassword = email => (dispatch, getState) => { dispatch(forgotPassowordRequest(email)); const _csrf = getState().auth.get('_csrf'); - coralApi('/users/request-password-reset', {method: 'POST', body: {email}, _csrf: _csrf}) + coralApi('/users/request-password-reset', {method: 'POST', body: {email}, _csrf}) .then(() => dispatch(forgotPassowordSuccess())) .catch(error => dispatch(forgotPassowordFailure(error))); };