gaspersic/freeCodeCamp
1
0
Fork 0
Code Issues Pull Requests Projects Releases Wiki Activity

chore: roll back CSRF changes for the weekend

Browse Source 
This reverts commit 00193858a0.
This commit is contained in:
Mrugesh Mohapatra
2021-04-30 23:57:28 +05:30
parent 00193858a0
commit 341fe76f0f
4 changed files with 49 additions and 20 deletions
Download Patch File Download Diff File Expand all files Collapse all files

21
api-server/src/server/middlewares/csurf.js
View File

@ -1,14 +1,12 @@
import csurf from 'csurf';
const opts = {
domain: process.env.COOKIE_DOMAIN || 'localhost',
sameSite: 'strict',
secure: process.env.FREECODECAMP_NODE_ENV === 'production'
};
export default function getCsurf() {
const protection = csurf({
cookie: opts
cookie: {
domain: process.env.COOKIE_DOMAIN || 'localhost',
sameSite: 'strict',
secure: process.env.FREECODECAMP_NODE_ENV === 'production'
}
});
return function csrf(req, res, next) {
const { path } = req;
@ -18,13 +16,8 @@ export default function getCsurf() {
path
)
) {
next();
} else {
// add the middleware
protection(req, res, next);
// use the middleware to generate a token. The client sends this back via
// a header
res.cookie('csrf_token', req.csrfToken(), opts);
return next();
}
return protection(req, res, next);
};
}