|
@@ -122,7 +122,8 @@ module.exports = function(crowi, app) {
|
|
|
});
|
|
});
|
|
|
|
|
|
|
|
// csurf should be initialized after express-session
|
|
// csurf should be initialized after express-session
|
|
|
- app.use(csrf({ cookie: false }));
|
|
|
|
|
|
|
+ // default methods + PUT. See: https://expressjs.com/en/resources/middleware/csurf.html#ignoremethods
|
|
|
|
|
+ app.use(csrf({ ignoreMethods: ['GET', 'HEAD', 'OPTIONS', 'PUT'], cookie: false }));
|
|
|
|
|
|
|
|
// passport
|
|
// passport
|
|
|
debug('initialize Passport');
|
|
debug('initialize Passport');
|
yohei0125