fixes incorrectly applied doubleCsrf to REST routes
This commit is contained in:
parent
9b184ab245
commit
c05bfefba4
|
@ -15,13 +15,10 @@ adminRouter.use(
|
|||
adminRouter.use(cookieParser());
|
||||
adminRouter.use(injectCsrfToken);
|
||||
|
||||
adminRouter.use("/", checkCsrfToken, loginRouter);
|
||||
adminRouter.use("/users", authorize({ via: "header" }), apiRouter);
|
||||
adminRouter.use(
|
||||
"/manage",
|
||||
authorize({ via: "cookie" }),
|
||||
checkCsrfToken,
|
||||
uiRouter
|
||||
);
|
||||
|
||||
adminRouter.use(checkCsrfToken); // All UI routes require CSRF token
|
||||
adminRouter.use("/", loginRouter);
|
||||
adminRouter.use("/manage", authorize({ via: "cookie" }), uiRouter);
|
||||
|
||||
export { adminRouter };
|
||||
|
|
Loading…
Reference in New Issue