fixes incorrectly applied doubleCsrf to REST routes

This commit is contained in:
nai-degen 2023-08-10 15:54:01 -05:00
parent 9b184ab245
commit c05bfefba4
1 changed files with 4 additions and 7 deletions

View File

@ -15,13 +15,10 @@ adminRouter.use(
adminRouter.use(cookieParser());
adminRouter.use(injectCsrfToken);
adminRouter.use("/", checkCsrfToken, loginRouter);
adminRouter.use("/users", authorize({ via: "header" }), apiRouter);
adminRouter.use(
"/manage",
authorize({ via: "cookie" }),
checkCsrfToken,
uiRouter
);
adminRouter.use(checkCsrfToken); // All UI routes require CSRF token
adminRouter.use("/", loginRouter);
adminRouter.use("/manage", authorize({ via: "cookie" }), uiRouter);
export { adminRouter };