										 |  |  | import csurf from 'csurf'; | 
					
						
/**
 * Builds the Express-style middleware that applies csurf's CSRF check to
 * every request except those under a fixed set of top-level path prefixes.
 *
 * The csurf instance is created with its `cookie` option, scoped to
 * `process.env.COOKIE_DOMAIN`, falling back to 'localhost' when that
 * variable is unset or empty.
 *
 * NOTE(review): only `domain` is set on the cookie; every other attribute
 * is left to csurf's defaults. Consider setting `httpOnly`, `secure` and
 * `sameSite` explicitly so the cookie's exposure is a deliberate choice.
 * NOTE(review): csurf appears to be deprecated upstream; confirm its
 * maintenance status before relying on it for new work.
 *
 * @returns {Function} middleware `csrf(req, res, next)`
 */
export default function() {
  const cookieDomain = process.env.COOKIE_DOMAIN || 'localhost';
  const protection = csurf({ cookie: { domain: cookieDomain } });

  // First path segments that bypass the CSRF check. The pattern is anchored
  // and case-sensitive, so any other spelling falls through to `protection`.
  // NOTE(review): routes under these prefixes get no CSRF defence from this
  // middleware. Confirm that any state-changing route there does not
  // authenticate with ambient cookie credentials, or is protected elsewhere.
  const exemptSegment = /(^api$|^external$|^internal$|^p$)/;

  return function csrf(req, res, next) {
    // req.path starts with '/', so index 0 is '' and index 1 is the first
    // real segment (undefined for an empty path, which never matches).
    const [, firstSegment] = req.path.split('/');

    return exemptSegment.test(firstSegment)
      ? next()
      : protection(req, res, next);
  };
}