marketing-shibata50/tududi
1
0
Fork 0
Code Issues Pull requests Projects Releases Packages Wiki Activity Actions
tududi/backend
History
Chris Veleris 94da7a4de9 fix: apply CSRF protection only to state-changing HTTP methods 
The lusca CSRF middleware was being applied to all requests including
safe methods like GET, causing "CSRF token missing" errors for endpoints
like /api/registration-status.

CSRF protection should only apply to state-changing methods (POST, PUT,
PATCH, DELETE), not to safe methods (GET, HEAD, OPTIONS) which cannot
modify server state.

This fix adds a check to bypass CSRF validation for safe HTTP methods
while maintaining protection for all state-changing operations.
2026-04-13 12:30:16 +03:00
..
cmd Fix isEmail validation failure on valid emails during Docker setup (#835) 2026-02-11 15:42:11 +02:00
config Setup infra for reverse proxy (#831) 2026-02-10 20:22:51 +02:00
docs/swagger Update swagger (#906) 2026-03-04 18:47:48 +02:00
middleware feat: Add OIDC/SSO authentication support (#1008) 2026-04-13 12:17:35 +03:00
migrations feat: Add OIDC/SSO authentication support (#1008) 2026-04-13 12:17:35 +03:00
models feat: Add OIDC/SSO authentication support (#1008) 2026-04-13 12:17:35 +03:00
modules feat: Add OIDC/SSO authentication support (#1008) 2026-04-13 12:17:35 +03:00
scripts Fix bug 366 (#764) 2026-01-07 18:18:07 +02:00
seeders Fix bug 366 (#764) 2026-01-07 18:18:07 +02:00
services Fix bug 366 (#764) 2026-01-07 18:18:07 +02:00
shared Fix bug 366 (#764) 2026-01-07 18:18:07 +02:00
tests feat: Add OIDC/SSO authentication support (#1008) 2026-04-13 12:17:35 +03:00
utils feat: Add OIDC/SSO authentication support (#1008) 2026-04-13 12:17:35 +03:00
.env.example feat: Add MCP Integration with client-agnostic instructions (#953) 2026-03-20 16:55:49 +02:00
.env.test Feat: habits (#707) 2025-12-13 08:47:52 +02:00
.prettierignore Add 'dist' paths to git & prettier ignore. 2025-07-22 11:45:14 +03:00
.prettierrc.json Linting cleanup (#99) 2025-07-01 11:40:09 +03:00
.sequelizerc Express migration (#80) 2025-06-16 21:50:44 +03:00
app.js fix: apply CSRF protection only to state-changing HTTP methods 2026-04-13 12:30:16 +03:00
database.sqlite Fix bug 619 (#629) 2025-12-02 18:00:36 +02:00
eslint.config.js Sorting fixes (#174) 2025-07-17 17:43:56 +03:00
jest.config.js Fix E2E test breakage (#380) 2025-10-05 16:04:46 +03:00