IN CSRF hook, only lowercase the route path if the route isn't a regex

balderdashy · Sep 8, 2019 · f7a0f04 · f7a0f04
1 parent 8242374
commit f7a0f04
Showing 1 changed file with 2 additions and 1 deletion.
diff --git a/lib/hooks/security/csrf/index.js b/lib/hooks/security/csrf/index.js
@@ -29,7 +29,7 @@ module.exports = function(sails) {
       _.each(sortedRouteAddresses, function(address) {
 
         var routeInfo = detectVerb(address);
-        var path = routeInfo.original.toLowerCase();
+        var path = routeInfo.original;
         var verb = routeInfo.verb.toLowerCase();
         var target = sails.router.explicitRoutes[address];
 
@@ -55,6 +55,7 @@ module.exports = function(sails) {
         if (matches) {
           regex = new RegExp(matches[1]);
         } else {
+          path = path.toLowerCase();
           regex = pathToRegexp(path);
         }