epistemophiliac/fabric-samples
1
0
Fork 0
mirror of https://github.com/hyperledger/fabric-samples.git synced 2026-06-25 19:15:10 +00:00
Code Issues Projects Releases Packages Wiki Activity Actions

Cross-Site Request Forgery (CSRF)

Browse source 
CSRF protection is disabled for your Express app. This allows the attackers to execute requests on a user's behalf.

Signed-off-by: Bhaskar Ram <bhaskarvilles@duck.com>
This commit is contained in:
Bhaskar Ram 2022-10-25 21:42:19 +05:30
parent 07b1b54159
commit 8c24cff6b1
1 changed files with 4 additions and 4 deletions
Show stats Download patch file Download diff file Expand all files Collapse all files

8
asset-transfer-basic/rest-api-typescript/src/server.ts
View file

@ -2,7 +2,7 @@
* SPDX-License-Identifier: Apache-2.0 * SPDX-License-Identifier: Apache-2.0
*/ */
import connect, { Application, NextFunction, Request, Response } from 'connect'; import express, { Application, NextFunction, Request, Response } from 'express';
import helmet from 'helmet'; import helmet from 'helmet';
import { getReasonPhrase, StatusCodes } from 'http-status-codes'; import { getReasonPhrase, StatusCodes } from 'http-status-codes';
import passport from 'passport'; import passport from 'passport';
@ -18,7 +18,7 @@ import cors from 'cors';
const { BAD_REQUEST, INTERNAL_SERVER_ERROR, NOT_FOUND } = StatusCodes; const { BAD_REQUEST, INTERNAL_SERVER_ERROR, NOT_FOUND } = StatusCodes;
export const createServer = async (): Promise<Application> => { export const createServer = async (): Promise<Application> => {
const app = connect(); const app = express();
app.use( app.use(
pinoMiddleware({ pinoMiddleware({
@ -40,8 +40,8 @@ export const createServer = async (): Promise<Application> => {
}) })
); );
app.use(connect.json()); app.use(express.json());
app.use(connect.urlencoded({ extended: true })); app.use(express.urlencoded({ extended: true }));
//define passport startegy //define passport startegy
passport.use(fabricAPIKeyStrategy); passport.use(fabricAPIKeyStrategy);