Skip to content

Commit

Permalink
Merge pull request #493 from finos/fix/remove-lusca-csrf
Browse files Browse the repository at this point in the history 
Remove CSRF due to login breakage
  • Loading branch information
@JamieSlome
JamieSlome authored Mar 22, 2024
2 parents 1dedd9f + ce09e59 commit c17ca39
Show file tree
Hide file tree
Showing 3 changed files with 0 additions and 23 deletions.
20 changes: 0 additions & 20 deletions package-lock.json
View file

Some generated files are not rendered by default. Learn more about how customized files appear on GitHub.

1 change: 0 additions & 1 deletion package.json
View file
Original file line number Diff line number Diff line change
Expand Up @@ -44,7 +44,6 @@
"jsonschema": "^1.4.1",
"load-plugin": "^6.0.0",
"lodash": "^4.17.21",
"lusca": "^1.7.0",
"moment": "^2.29.4",
"mongodb": "^5.0.0",
"nodemailer": "^6.6.1",
Expand Down
2 changes: 0 additions & 2 deletions src/service/index.js
View file
Original file line number Diff line number Diff line change
Expand Up @@ -4,7 +4,6 @@ const http = require('http');
const cors = require('cors');
const app = express();
const rateLimit = require('express-rate-limit');
const csrf = require('lusca').csrf;

const limiter = rateLimit({
windowMs: 15 * 60 * 1000, // 15 minutes
Expand Down Expand Up @@ -36,7 +35,6 @@ const start = async () => {
saveUninitialized: false,
}),
);
app.use(csrf());
app.use(passport.initialize());
app.use(passport.session());
app.use(express.json());
Expand Down

0 comments on commit c17ca39

Please sign in to comment.