gaspersic/freeCodeCamp
1
0
Fork 0
Code Issues Pull Requests Projects Releases Wiki Activity

feat: remove csrf from the client (#42242)

Browse Source
This commit is contained in:
Oliver Eyton-Williams
2021-07-16 17:49:47 +02:00
committed by GitHub
parent 017ae24894
commit 1ba9d03cb5
9 changed files with 53 additions and 51 deletions
Download Patch File Download Diff File Expand all files Collapse all files

15
client/src/utils/ajax.ts
View File

@@ -1,5 +1,4 @@
import envData from '../../../config/env.json';
import Tokens from 'csrf';
import cookies from 'browser-cookies';
import type { UserType } from '../redux/prop-types';
@@ -7,21 +6,17 @@ import type { UserType } from '../redux/prop-types';
const { apiLocation } = envData;
const base = apiLocation;
const tokens = new Tokens();
const defaultOptions: RequestInit = {
credentials: 'include'
};
// _csrf is passed to the client as a cookie. Tokens are sent back to the server
// via headers:
// csrf_token is passed to the client as a cookie. The client must send
// this back as a header.
function getCSRFToken() {
const _csrf = typeof window !== 'undefined' && cookies.get('_csrf');
if (!_csrf) {
return '';
} else {
return tokens.create(_csrf);
}
const token =
typeof window !== 'undefined' ? cookies.get('csrf_token') : null;
return token ?? '';
}
async function get<T>(path: string): Promise<T> {