From e63aabe2eaa0d7c117098c8cd698beef13241114 Mon Sep 17 00:00:00 2001
From: Eva <kolya007.klass@gmail.com>
Date: Mon, 4 Mar 2024 21:55:07 +0300
Subject: [PATCH] Typo fix in bypass-connect-csrf-protection-by-abusing.md
 (#141)

---
 docs/bypass-connect-csrf-protection-by-abusing.md | 4 ++--
 1 file changed, 2 insertions(+), 2 deletions(-)

diff --git a/docs/bypass-connect-csrf-protection-by-abusing.md b/docs/bypass-connect-csrf-protection-by-abusing.md
index 0727c51..276d84e 100644
--- a/docs/bypass-connect-csrf-protection-by-abusing.md
+++ b/docs/bypass-connect-csrf-protection-by-abusing.md
@@ -18,9 +18,9 @@ Considering the following code:
 
 ```js
 ...
-app.use express.csrf()
+app.use(express.csrf())
 ...
-app.use express.methodOverride()
+app.use(express.methodOverride())
 ```
 
 Connect's CSRF middleware does not check csrf tokens in case of idempotent verbs (GET/HEAD/OPTIONS, see lib/middleware/csrf.js). As a result, it is possible to bypass this security control by sending a GET request with a POST MethodOverride header or key.