agonza1
Reputation: 450
How to disable csrf for a specific route in Sails v1
In previous versions it was possible to disable csrf for specific routes using:
module.exports.csrf = {
"routesDisabled": "/webhooks/testhook,/webhooks/anotherhook"
}
Is there a new way to do that or should I make a small hack in the controller for auto-generate a csrf?
Upvotes: 2
Views: 821
Answers (2)
johnabrams7
Reputation: 399
Great! Official updated documentation states you can turn CSRF protection on or off on a per-route basis by adding csrf: true or csrf: false to any route in your config/routes.js file.
More info: https://sailsjs.com/documentation/concepts/security/csrf
Upvotes: 0
agonza1
Reputation: 450
Ok I figured it out, now it is done in /routes.js like this:
'PUT /webhooks/testhook': { action: 'entrance/testhook', csrf: false},
Upvotes: 4
Related Questions
- Disabling default sails.js routes
- Disable csrf validation for some requests on Express
- Disable csrf when express route is called internally
- sails.js how to get _csrf to use in vuejs
- Disable blueprint routes sails js
- CSRF problems with sailsjs
- sails.js enable csrf for browser access and disable csrf for native app access
- Apply CSRF token constraint selectively on routes for a sailsjs or expressjs app
- How to disable CSRF in a Sails application?
- SailsJS CSRF mismatch error customize