Skip to content

Instantly share code, notes, and snippets.

@MP-C

MP-C/Challenge_CSRF_attack_cookies.js

Last active June 20, 2021 14:35
Show Gist options
  • Save MP-C/d043ea391b5ae0a3f7171ec6cf269407 to your computer and use it in GitHub Desktop.
Save MP-C/d043ea391b5ae0a3f7171ec6cf269407 to your computer and use it in GitHub Desktop.
Download ZIP
Security : attack and cookies - implemented with Express
Raw
Challenge_CSRF_attack_cookies.js
const express = require("express");
require("dotenv").config();
const app = express();
const router = express.Router();
const port = process.env.PORT || 5000;
const sessionCookie = require("express-session");
app.use("/", router);
app.use(
sessionCookie({
secret: "keyboard cat",
resave: false,
saveUninitialized: true,
cookie: { secure: true, sameSite: "strict" },
})
);
router.use(function (req, res, next) {
console.log("Time:", Date.now());
next();
});
router.get("/user/:id", function (req, res, next) {
if (req.params.id === "0") {
console.log("User not found");
} else next();
if (req.params.id === 2) {
res.send("Xavier quel formateur exceptionel");
} else {
res.send("Ce formateur n'est pas exceptionnel");
}
});
app.listen(port, (err) => {
if (err) {
console.error(`ERROR: ${err.message}`);
} else {
console.log(`Server is listening on port ${port}`);
}
});
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment