Introduce CSRF attack vector

madaster97 · Dec 6, 2022 · 658ca35 · 658ca35
1 parent 91e9c0c
commit 658ca35
Showing 1 changed file with 8 additions and 0 deletions.
diff --git a/index.js b/index.js
@@ -220,6 +220,14 @@ app.get('/launch', (req, res, next) => {
   }
 })
 
+app.post('/tab/:tabId/csrf-test', (req, res, next) => {
+  if (!req.oidc.isAuthenticated()) {
+    res.send('CSRF successfuly blocked!')
+  } else {
+    res.send('Oh no. The CSRF went through...')
+  }
+})
+
 app.get('/tab/:tabId/logout', requiresAuth(), async (req, res, next) => {
   const requestedTab = req.params.tabId;
   const tabDataIndex = req.appSession.tabs.findIndex(tab => tab.tabId == requestedTab);