freeCodeCamp/api-server/server/middlewares/csurf.js

import csurf from 'csurf';

export default function() {
  const protection = csurf({
    cookie: {
      domain: process.env.COOKIE_DOMAIN || 'localhost'
    }
  });
  return function csrf(req, res, next) {
    const path = req.path.split('/')[1];
    if (/(^api$|^unauthenticated$|^internal$|^p$)/.test(path)) {
      return next();
    }
    return protection(req, res, next);
  };
}
Add csrf protection 2016-05-02 17:22:56 -07:00			`import csurf from 'csurf';`

			`export default function() {`
feat: Use prettier-eslint to format code 2019-02-18 19:32:49 +00:00			`const protection = csurf({`
			`cookie: {`
			`domain: process.env.COOKIE_DOMAIN \|\| 'localhost'`
feat(auth): Authorise 'external' requests through JWT (#17224) 2018-05-23 21:10:56 +01:00			`}`
feat: Use prettier-eslint to format code 2019-02-18 19:32:49 +00:00			`});`
Remove csrf from api calls 2016-05-02 21:11:49 -07:00			`return function csrf(req, res, next) {`
			`const path = req.path.split('/')[1];`
feat: use eslint with prettier to format code 2019-02-19 01:59:12 +03:00			`if (/(^api$\|^unauthenticated$\|^internal$\|^p$)/.test(path)) {`
Remove csrf from api calls 2016-05-02 21:11:49 -07:00			`return next();`
			`}`
			`return protection(req, res, next);`
			`};`
Add csrf protection 2016-05-02 17:22:56 -07:00			`}`