Merge pull request #33 from jsonshen/master

忽略图片上传时检查csrf，比直接改csrf.js源码友好一些
2025-12-08 19:55:55 +00:00 · 2012-05-20 04:14:36 -07:00 · 2012-05-20 04:14:36 -07:00 · 8c6263bfe1
commit 8c6263bfe1
parent 56c5316a44 68190e27fb
2 changed files with 10 additions and 11 deletions
--- a/app.js
+++ b/app.js
@ -26,7 +26,14 @@ app.configure(function() {
 	}));
 	// custom middleware
 	app.use(require('./controllers/sign').auth_user);
-	app.use(express.csrf());
+	
+	var csrf = express.csrf();
+	app.use(function(req, res, next){
+		// ignore upload image
+		if (req.body && req.body.user_action === 'upload_image')
+			return next();
+		csrf(req, res, next);
+	});

 	// plugins
 	var plugins = config.plugins || [];
--- a/public/stylesheets/style.css
+++ b/public/stylesheets/style.css
@ -475,20 +475,12 @@ a.count:hover {
 /* custom bootstrap */
 .navbar {
 	margin-bottom: 0px;
+	background-color: #323f4b;
 }
 .navbar .container {
 	width: 960px;
 	margin: 0px auto;
 }
-.navbar .navbar-inner{
-	-webkit-border-radius: 0px;
-	-moz-border-radius: 0px;
-	padding-left: 0px;
-	padding-right: 0px;
-	border-radius: 0px;
-	background-image: none;
-	background-color: #323f4b;
-}
 .navbar .brand {
 	padding: 7px 0px 0px 20px;
 	width: 150px;
@ -584,4 +576,4 @@ form {
 	color: white;
 	padding: 2px;
 	
-}
+}