Added new modules to help prevent Cross Site Request Forgery
[sdnc/oam.git] / admportal / server / app.js
index 33cdb64..898645e 100644 (file)
@@ -8,6 +8,7 @@ var PropertiesReader = require('properties-reader');
 var properties = PropertiesReader(process.argv[2]); //property file passed
 var morgan = require('morgan');
 var _ = require('lodash');
+var expressSanitizer = require('express-sanitizer');
 //var multer = require('multer');
 //var done=false;
 
@@ -47,6 +48,9 @@ app.use(bodyParser.urlencoded({
   extended: true
 }));
 
+// mount express-sanitizer here
+app.use(expressSanitizer()); // this line needs to follow bodyParser
+
 app.use(accesslog); // http access log
 app.use(express.static(process.cwd() + '/public')); // static files
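Review bot: Mounting `expressSanitizer()` at the added `app.use` line only attaches a `req.sanitize()` helper to each request; it does not rewrite `req.body` on its own, so nothing is sanitized until the route handlers call it on the fields they store or render. The module is also an HTML sanitizer aimed at script injection, not a Cross Site Request Forgery control. CSRF protection needs a per-session token verified on every state-changing request (or SameSite cookies combined with an Origin check), and nothing in the visible hunks adds one, though other files in this commit may. I would replace the copied comment with `// adds req.sanitize(); handlers must call it on every user-supplied field they store or echo` and track the CSRF token check as a separate change.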