										 |  |  | import csurf from 'csurf'; | 
					
						
					
						
/**
 * Build the CSRF-protection middleware for the API server.
 *
 * A single csurf instance is created in cookie mode. The cookie it sets is
 * scoped to COOKIE_DOMAIN (falling back to 'localhost'), is SameSite=strict,
 * and carries the Secure flag only when FREECODECAMP_NODE_ENV is exactly
 * 'production'.
 *
 * NOTE(review): httpOnly is not set here, so csurf's own default applies
 * (documented as false) — confirm no client code reads this cookie and
 * consider setting it explicitly.
 * NOTE(review): csurf has been deprecated by its maintainers; confirm whether
 * a maintained replacement is planned.
 *
 * @returns {function} Express-style middleware `csrf(req, res, next)`.
 */
export default function() {
  // Environment variables are read once, when the middleware is built.
  const cookie = {
    domain: process.env.COOKIE_DOMAIN || 'localhost',
    sameSite: 'strict',
    secure: process.env.FREECODECAMP_NODE_ENV === 'production'
  };
  const protection = csurf({ cookie });

  return function csrf(req, res, next) {
    // Exact-match allowlist: only these three paths skip CSRF validation.
    // Any other path, including one with a trailing slash or extra segment,
    // goes through csurf.
    // NOTE(review): requests to these routes are not CSRF-checked, so they
    // must be authenticated some other way (for the /hooks/ endpoints,
    // presumably payment-provider webhook signature verification) — confirm
    // in the route handlers, in particular for /donate/charge-stripe.
    // eslint-disable-next-line max-len
    const isExempt = /^\/hooks\/update-paypal$|^\/hooks\/update-stripe$|^\/donate\/charge-stripe$/.test(
      req.path
    );
    return isExempt ? next() : protection(req, res, next);
  };
}