fix: csrf not set for egg-security

easy-team · Mar 15, 2018 · 7f68210 · 7f68210
1 parent ac1b524
commit 7f68210
Show file tree

Hide file tree

Showing 5 changed files with 10 additions and 6 deletions.
diff --git a/app/extend/context.js b/app/extend/context.js
@@ -4,7 +4,7 @@ module.exports = {
     return this.renderVueClient(name, locals, options);
   },
   renderVueClient(name, locals, options = {}) {
-    locals = this.app.vue.normalizeLocals(locals);
+    locals = this.app.vue.normalizeLocals(this, locals);
     return this.app.vue.renderClient(name, locals, options).then(html => {
       this.body = html;
     });

diff --git a/lib/engine.js b/lib/engine.js
@@ -43,11 +43,11 @@ class Engine {
     return this[VUE_RESOURCE];
   }
 
-  normalizeLocals(locals = {}) {
+  normalizeLocals(ctx, locals = {}) {
     [ 'ctx', 'request', 'helper' ].forEach(key => {
       Object.defineProperty(locals, key, { enumerable: false });
     });
-    return locals;
+    return Object.assign({}, { csrf: ctx.csrf }, locals);
   }
   createBundleRenderer(name, renderOptions) {
     if (this.bundleCache) {

diff --git a/lib/view.js b/lib/view.js
@@ -2,6 +2,7 @@
 
 class View {
   constructor(ctx) {
+    this.ctx = ctx;
     this.app = ctx.app;
     this.config = this.app.config.vuessr;
   }
@@ -15,7 +16,7 @@ class View {
    * @return {Object} Promise
    */
   render(name, locals, options = {}) {
-    locals = this.app.vue.normalizeLocals(locals);
+    locals = this.app.vue.normalizeLocals(this.ctx, locals);
     const context = { state: locals };
     return this.app.vue.render(name, context, options).then(html => {
       return this.app.vue.resource.inject(html, options.name, context, options);
@@ -29,7 +30,7 @@ class View {
   }
 
   renderString(tpl, locals) {
-    locals = this.app.vue.normalizeLocals(locals);
+    locals = this.app.vue.normalizeLocals(this.ctx, locals);
     return this.app.vue.renderString(tpl, locals);
   }
 }

diff --git a/package.json b/package.json
@@ -1,6 +1,6 @@
 {
   "name": "egg-view-vue-ssr",
-  "version": "3.0.7",
+  "version": "3.0.8",
   "description": "vue server side render solution for egg",
   "eggPlugin": {
     "name": "vuessr"

diff --git a/test/view-vue-ssr.test.js b/test/view-vue-ssr.test.js
@@ -36,6 +36,7 @@ describe('test/view-vue-ssr.test.js', () => {
         .get('/render')
         .expect(200)
         .expect(res => {
+          assert(res.text.indexOf('"csrf"') > -1);
           assert(res.text.indexOf('data-server-rendered="true"') > -1);
           assert(res.text.indexOf('</body></html>') > -1);
           assert(res.text.indexOf('vue server side render!') > -1);
@@ -50,6 +51,7 @@ describe('test/view-vue-ssr.test.js', () => {
         .get('/renderClient')
         .expect(200)
         .expect(res => {
+          assert(res.text.indexOf('"csrf"') > -1);
           assert(res.text.indexOf('data-server-rendered="true"') > -1);
           assert(res.text.indexOf('name="client"') > -1);
           assert(res.text.indexOf('vue server side render!') > -1);
@@ -65,6 +67,7 @@ describe('test/view-vue-ssr.test.js', () => {
         .get('/renderVueClient')
         .expect(200)
         .expect(res => {
+          assert(res.text.indexOf('"csrf"') > -1);
           assert(res.text.indexOf('data-server-rendered="true"') > -1);
           assert(res.text.indexOf('name="client"') > -1);
           assert(res.text.indexOf('vue server side render!') > -1);