@Gpx
Last active December 16, 2015 17:59
Skip CSRF protection for AJAX requests for Express
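var express = require('express');
var connect = require('connect');
var app = express();

// The middleware below reads and writes req.session, so sessions come first.
app.use(express.cookieParser());
app.use(express.session({ secret: 'replace-me' })); // placeholder secret

// Build the stock CSRF middleware once instead of on every request.
var csrf = express.csrf();

// Disable CSRF for some requests
var conditionalCSRF = function (req, res, next) {
  // Make sure the session always holds a token, as express.csrf() would.
  req.session._csrf || (req.session._csrf = connect.utils.uid(24));
  // Only POST is validated here; every other method skips the token check.
  if (req.method !== 'POST') {
    next();
    return;
  }
  // req.xhr is true when the request carries "X-Requested-With: XMLHttpRequest",
  // a header the client sets, so this branch relies on browsers refusing to
  // attach it to cross-origin requests without CORS approval.
  if (req.xhr) {
    next();
  } else {
    csrf(req, res, next);
  }
};
app.use(conditionalCSRF);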
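
The decision this middleware makes, reduced to a pure function and set beside a stricter variant, as an added example that is not part of the original gist. The names `gistDecision` and `strictConditionalCSRF`, the single `allowedOrigin` and the sample requests are assumptions constructed for illustration; the block runs without Express.

```javascript
var SAFE_METHODS = ['GET', 'HEAD', 'OPTIONS'];

// Same header test Express uses to compute req.xhr.
function isXhr(req) {
  var value = req.headers['x-requested-with'] || '';
  return value.toLowerCase() === 'xmlhttprequest';
}

// What the gist decides for a request: 'skip' or 'token' (token is validated).
function gistDecision(req) {
  if (req.method !== 'POST') return 'skip';
  return isXhr(req) ? 'skip' : 'token';
}

// Stricter middleware factory (hypothetical). checkToken is the token-validating
// middleware to delegate to; allowedOrigin is the site's own origin (assumed single).
function strictConditionalCSRF(checkToken, allowedOrigin) {
  return function (req, res, next) {
    // Read-only methods carry no token.
    if (SAFE_METHODS.indexOf(req.method) !== -1) return next();
    // Skip only for XHR that also states our own origin.
    if (isXhr(req) && req.headers.origin === allowedOrigin) return next();
    // Form posts, PUT/DELETE, and XHR with a foreign or missing Origin.
    checkToken(req, res, next);
  };
}

// Run both policies over the requests and report each outcome.
function compare(requests, allowedOrigin) {
  return requests.map(function (req) {
    var outcome = 'skip';
    var stub = function () { outcome = 'token'; }; // stands in for express.csrf()
    strictConditionalCSRF(stub, allowedOrigin)(req, {}, function () {});
    return { label: req.label, gist: gistDecision(req), strict: outcome };
  });
}

// Constructed sample requests (plain objects, not real Express requests).
var XHR = 'XMLHttpRequest';
var SAMPLES = [
  { label: 'form POST', method: 'POST', headers: {} },
  { label: 'XHR POST, own origin', method: 'POST',
    headers: { 'x-requested-with': XHR, origin: 'https://app.example' } },
  { label: 'XHR POST, other origin', method: 'POST',
    headers: { 'x-requested-with': XHR, origin: 'https://other.example' } },
  { label: 'DELETE, no XHR header', method: 'DELETE', headers: {} },
  { label: 'GET', method: 'GET', headers: {} }
];

console.log(compare(SAMPLES, 'https://app.example'));
```

The rows where the two columns differ are the requests the gist lets through without a token: any non-POST method, and any POST that merely carries the `X-Requested-With` header.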