cookie option cannot be bool true or else .key is undefined...

Question

busticated opened this issue 10 years ago · comments

cookie set to a truthy value to enable cookie-based instead of session-based csrf secret storage.
- If cookie is an object, these options can be configured, otherwise defaults are used:
  - key the name of the cookie to use (defaults to _csrf) to store the csrf secret

if (options.cookie && !options.cookie.key) {
    options.cookie.key = '_csrf'
}

so, if i do the following:

app.use(express.csrf({ cookie: true }));

options.cookie.key is undefined because .key is assigned to a bool.

what am I missing?

Douglas Wilson · Answer 1 · Wed Oct 15 2014 07:04:03 GMT+0800 (China Standard Time)

Sounds like a module bug to me :)

Busticated · Answer 2 · Wed Oct 15 2014 07:10:48 GMT+0800 (China Standard Time)

hehe! thought so :-)

want a patch or have you already fixed it? :-D

Douglas Wilson · Answer 3 · Wed Oct 15 2014 07:16:06 GMT+0800 (China Standard Time)

Sorry, didn't even look at this reply until I pushed the fix ;) I'll have it published to npm in just a little bit.

Busticated · Answer 4 · Wed Oct 15 2014 07:17:41 GMT+0800 (China Standard Time)

oh no sweat! again, i figured :)

thanks a bunch! 👍

Douglas Wilson · Answer 5 · Wed Oct 15 2014 07:25:28 GMT+0800 (China Standard Time)

Thank you for the report :) Published as 1.6.2