javascript - Disable CSRF for a specific route? (Lusca) -
I have Instructure Canvas running on an Ubuntu server. Clicking on a link to a tool provider calls a POST that is rejected by Lusca, causing a 403.
I've tried to implement meddleware to make an exception. Clicking the tool link now causes the server to hang for a minute, followed by a 403. No information appears in the console to help me diagnose further. Any thoughts?
Relevant folder structure:
>node_modules >meddleware >lusca >server routes.js express.js >config config.json >lti lti.controller.js index.js
routes.js
// Mount the LTI router under the /lti prefix. The question reports that POSTs
// to the tool link are rejected with 403 by Lusca, so any CSRF exemption
// should be scoped to this prefix only and leave every other route protected.
const ltiRouter = require('/lti');
app.use('/lti', ltiRouter);
express.js
// Express middleware from the express-ims-lti package, used below for LTI requests.
var ltimiddleware = require("express-ims-lti");
// meddleware builds the middleware chain from the object loaded out of /config.json.
var meddleware = require('meddleware'),
    mconfig = require('shush')('/config.json');

/**
 * Configures the Express application's middleware.
 *
 * Registration order matters here: everything described in the meddleware
 * config (including the lusca CSRF entry shown in the config on this page) is
 * mounted before the LTI middleware, so a POST that fails the CSRF check gets
 * its 403 before the LTI middleware ever sees it.
 *
 * NOTE(review): whether /lti is actually exempt depends entirely on the CSRF
 * entry's "route" pattern in the config. Confirm how meddleware interprets
 * that string (the leading "./" and the empty lookahead group look
 * suspicious), and test both directions: an LTI launch POST is accepted, and
 * a token-less POST to any other route is still rejected.
 *
 * NOTE(review): lusca's CSRF check presumably needs session middleware
 * registered earlier in the chain; none is visible in the config shown, so
 * confirm against the omitted code.
 *
 * @param {object} app - The Express application to configure.
 */
export default function(app) {
  app.use(meddleware(mconfig));
  app.use(ltimiddleware({
    // NOTE(review): "key"/"secret" look like placeholders. The real consumer
    // secret is the only thing authenticating launch requests once CSRF is
    // skipped for /lti, so keep it out of source control (environment or
    // secret store) and make it long and random.
    consumer_key: "key",
    consumer_secret: "secret",
  }));
  // (the remainder of this function is not shown on the page)
config.json
{ "middleware": { "appsec": { "module": { "arguments": [ { "xframe": "sameorigin", "p3p": false, "csp": false } ] } }, "csrf": { "enabled": true, "priority": 111, "route": "./((?!lti))*", "module": { "name": "lusca", "method": "csrf", "arguments": [ {} ] } } } }
lti/index.js
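'use strict';

const express = require('express');
const controller = require('./lti.controller.js');

// The Express router factory is `express.Router()` with a capital R; the
// lower-case `express.router()` in the original listing is not a function and
// would throw when this module is loaded.
const router = express.Router();

// LTI launch endpoint, reached as POST /lti once this router is mounted.
// The launch is a cross-site form POST from the LMS and cannot carry this
// app's CSRF token, so the request must only be trusted after the LTI
// middleware has validated it. Keep state-changing logic behind that check
// and do not add other, non-LTI POST handlers under the CSRF-exempt prefix.
router.post('/', controller.index);

module.exports = router;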
I have excluded some code/files to try to keep this brief and relevant.
thanks