chore: roll back CSRF changes for the weekend
This reverts commit 00193858a0.
			
			
This commit is contained in:
		| @@ -1,14 +1,12 @@ | |||||||
| import csurf from 'csurf'; | import csurf from 'csurf'; | ||||||
|  |  | ||||||
| const opts = { |  | ||||||
|   domain: process.env.COOKIE_DOMAIN || 'localhost', |  | ||||||
|   sameSite: 'strict', |  | ||||||
|   secure: process.env.FREECODECAMP_NODE_ENV === 'production' |  | ||||||
| }; |  | ||||||
|  |  | ||||||
| export default function getCsurf() { | export default function getCsurf() { | ||||||
|   const protection = csurf({ |   const protection = csurf({ | ||||||
|     cookie: opts |     cookie: { | ||||||
|  |       domain: process.env.COOKIE_DOMAIN || 'localhost', | ||||||
|  |       sameSite: 'strict', | ||||||
|  |       secure: process.env.FREECODECAMP_NODE_ENV === 'production' | ||||||
|  |     } | ||||||
|   }); |   }); | ||||||
|   return function csrf(req, res, next) { |   return function csrf(req, res, next) { | ||||||
|     const { path } = req; |     const { path } = req; | ||||||
| @@ -18,13 +16,8 @@ export default function getCsurf() { | |||||||
|         path |         path | ||||||
|       ) |       ) | ||||||
|     ) { |     ) { | ||||||
|       next(); |       return next(); | ||||||
|     } else { |  | ||||||
|       // add the middleware |  | ||||||
|       protection(req, res, next); |  | ||||||
|       // use the middleware to generate a token. The client sends this back via |  | ||||||
|       // a header |  | ||||||
|       res.cookie('csrf_token', req.csrfToken(), opts); |  | ||||||
|     } |     } | ||||||
|  |     return protection(req, res, next); | ||||||
|   }; |   }; | ||||||
| } | } | ||||||
|   | |||||||
							
								
								
									
										33
									
								
								client/package-lock.json
									
									
									
										generated
									
									
									
								
							
							
						
						
									
										33
									
								
								client/package-lock.json
									
									
									
										generated
									
									
									
								
							| @@ -6712,6 +6712,16 @@ | |||||||
|       "resolved": "https://registry.npmjs.org/crypto-random-string/-/crypto-random-string-2.0.0.tgz", |       "resolved": "https://registry.npmjs.org/crypto-random-string/-/crypto-random-string-2.0.0.tgz", | ||||||
|       "integrity": "sha512-v1plID3y9r/lPhviJ1wrXpLeyUIGAZ2SHNYTEapm7/8A9nLPoyvVp3RK/EPFqn5kEznyWgYZNsRtYYIWbuG8KA==" |       "integrity": "sha512-v1plID3y9r/lPhviJ1wrXpLeyUIGAZ2SHNYTEapm7/8A9nLPoyvVp3RK/EPFqn5kEznyWgYZNsRtYYIWbuG8KA==" | ||||||
|     }, |     }, | ||||||
|  |     "csrf": { | ||||||
|  |       "version": "3.1.0", | ||||||
|  |       "resolved": "https://registry.npmjs.org/csrf/-/csrf-3.1.0.tgz", | ||||||
|  |       "integrity": "sha512-uTqEnCvWRk042asU6JtapDTcJeeailFy4ydOQS28bj1hcLnYRiqi8SsD2jS412AY1I/4qdOwWZun774iqywf9w==", | ||||||
|  |       "requires": { | ||||||
|  |         "rndm": "1.2.0", | ||||||
|  |         "tsscmp": "1.0.6", | ||||||
|  |         "uid-safe": "2.1.5" | ||||||
|  |       } | ||||||
|  |     }, | ||||||
|     "css": { |     "css": { | ||||||
|       "version": "3.0.0", |       "version": "3.0.0", | ||||||
|       "resolved": "https://registry.npmjs.org/css/-/css-3.0.0.tgz", |       "resolved": "https://registry.npmjs.org/css/-/css-3.0.0.tgz", | ||||||
| @@ -20709,6 +20719,11 @@ | |||||||
|         "ret": "~0.1.10" |         "ret": "~0.1.10" | ||||||
|       } |       } | ||||||
|     }, |     }, | ||||||
|  |     "random-bytes": { | ||||||
|  |       "version": "1.0.0", | ||||||
|  |       "resolved": "https://registry.npmjs.org/random-bytes/-/random-bytes-1.0.0.tgz", | ||||||
|  |       "integrity": "sha1-T2ih3Arli9P7lYSMMDJNt11kNgs=" | ||||||
|  |     }, | ||||||
|     "randombytes": { |     "randombytes": { | ||||||
|       "version": "2.1.0", |       "version": "2.1.0", | ||||||
|       "resolved": "https://registry.npmjs.org/randombytes/-/randombytes-2.1.0.tgz", |       "resolved": "https://registry.npmjs.org/randombytes/-/randombytes-2.1.0.tgz", | ||||||
| @@ -22204,6 +22219,11 @@ | |||||||
|         "inherits": "^2.0.1" |         "inherits": "^2.0.1" | ||||||
|       } |       } | ||||||
|     }, |     }, | ||||||
|  |     "rndm": { | ||||||
|  |       "version": "1.2.0", | ||||||
|  |       "resolved": "https://registry.npmjs.org/rndm/-/rndm-1.2.0.tgz", | ||||||
|  |       "integrity": "sha1-8z/pz7Urv9UgqhgyO8ZdsRCht2w=" | ||||||
|  |     }, | ||||||
|     "rst-selector-parser": { |     "rst-selector-parser": { | ||||||
|       "version": "2.2.3", |       "version": "2.2.3", | ||||||
|       "resolved": "https://registry.npmjs.org/rst-selector-parser/-/rst-selector-parser-2.2.3.tgz", |       "resolved": "https://registry.npmjs.org/rst-selector-parser/-/rst-selector-parser-2.2.3.tgz", | ||||||
| @@ -24235,6 +24255,11 @@ | |||||||
|       "resolved": "https://registry.npmjs.org/tslib/-/tslib-1.14.1.tgz", |       "resolved": "https://registry.npmjs.org/tslib/-/tslib-1.14.1.tgz", | ||||||
|       "integrity": "sha512-Xni35NKzjgMrwevysHTCArtLDpPvye8zV/0E4EyYn43P7/7qvQwPh9BGkHewbMulVntbigmcT7rdX3BNo9wRJg==" |       "integrity": "sha512-Xni35NKzjgMrwevysHTCArtLDpPvye8zV/0E4EyYn43P7/7qvQwPh9BGkHewbMulVntbigmcT7rdX3BNo9wRJg==" | ||||||
|     }, |     }, | ||||||
|  |     "tsscmp": { | ||||||
|  |       "version": "1.0.6", | ||||||
|  |       "resolved": "https://registry.npmjs.org/tsscmp/-/tsscmp-1.0.6.tgz", | ||||||
|  |       "integrity": "sha512-LxhtAkPDTkVCMQjt2h6eBVY28KCjikZqZfMcC15YBeNjkgUpdCfBu5HoiOTDu86v6smE8yOjyEktJ8hlbANHQA==" | ||||||
|  |     }, | ||||||
|     "tsutils": { |     "tsutils": { | ||||||
|       "version": "3.19.1", |       "version": "3.19.1", | ||||||
|       "resolved": "https://registry.npmjs.org/tsutils/-/tsutils-3.19.1.tgz", |       "resolved": "https://registry.npmjs.org/tsutils/-/tsutils-3.19.1.tgz", | ||||||
| @@ -24335,6 +24360,14 @@ | |||||||
|         "typescript-compare": "^0.0.2" |         "typescript-compare": "^0.0.2" | ||||||
|       } |       } | ||||||
|     }, |     }, | ||||||
|  |     "uid-safe": { | ||||||
|  |       "version": "2.1.5", | ||||||
|  |       "resolved": "https://registry.npmjs.org/uid-safe/-/uid-safe-2.1.5.tgz", | ||||||
|  |       "integrity": "sha512-KPHm4VL5dDXKz01UuEd88Df+KzynaohSL9fBh096KWAxSKZQDI2uBrVqtvRM4rwrIrRRKsdLNML/lnaaVSRioA==", | ||||||
|  |       "requires": { | ||||||
|  |         "random-bytes": "~1.0.0" | ||||||
|  |       } | ||||||
|  |     }, | ||||||
|     "unbox-primitive": { |     "unbox-primitive": { | ||||||
|       "version": "1.0.0", |       "version": "1.0.0", | ||||||
|       "resolved": "https://registry.npmjs.org/unbox-primitive/-/unbox-primitive-1.0.0.tgz", |       "resolved": "https://registry.npmjs.org/unbox-primitive/-/unbox-primitive-1.0.0.tgz", | ||||||
|   | |||||||
| @@ -62,6 +62,7 @@ | |||||||
|     "buffer": "6.0.3", |     "buffer": "6.0.3", | ||||||
|     "chai": "4.3.4", |     "chai": "4.3.4", | ||||||
|     "crypto-browserify": "3.12.0", |     "crypto-browserify": "3.12.0", | ||||||
|  |     "csrf": "3.1.0", | ||||||
|     "date-fns": "2.21.1", |     "date-fns": "2.21.1", | ||||||
|     "enzyme": "3.11.0", |     "enzyme": "3.11.0", | ||||||
|     "enzyme-adapter-react-16": "1.15.6", |     "enzyme-adapter-react-16": "1.15.6", | ||||||
|   | |||||||
| @@ -1,20 +1,22 @@ | |||||||
| import envData from '../../../config/env.json'; | import envData from '../../../config/env.json'; | ||||||
| import axios from 'axios'; | import axios from 'axios'; | ||||||
|  | import Tokens from 'csrf'; | ||||||
| import cookies from 'browser-cookies'; | import cookies from 'browser-cookies'; | ||||||
|  |  | ||||||
| const { apiLocation } = envData; | const { apiLocation } = envData; | ||||||
|  |  | ||||||
| const base = apiLocation; | const base = apiLocation; | ||||||
|  | const tokens = new Tokens(); | ||||||
|  |  | ||||||
| axios.defaults.withCredentials = true; | axios.defaults.withCredentials = true; | ||||||
|  |  | ||||||
| // CSRF-Server-Token is passed to the client as a cookie. The client must send | // _csrf is passed to the client as a cookie. Tokens are sent back to the server | ||||||
| // this back as a header. | // via headers: | ||||||
| function setCSRFTokens() { | function setCSRFTokens() { | ||||||
|   const csrfToken = typeof window !== 'undefined' && cookies.get('csrf_token'); |   const _csrf = typeof window !== 'undefined' && cookies.get('_csrf'); | ||||||
|   if (!csrfToken) return; |   if (!_csrf) return; | ||||||
|   axios.defaults.headers.post['CSRF-Token'] = csrfToken; |   axios.defaults.headers.post['CSRF-Token'] = tokens.create(_csrf); | ||||||
|   axios.defaults.headers.put['CSRF-Token'] = csrfToken; |   axios.defaults.headers.put['CSRF-Token'] = tokens.create(_csrf); | ||||||
| } | } | ||||||
|  |  | ||||||
| function get(path) { | function get(path) { | ||||||
|   | |||||||
		Reference in New Issue
	
	Block a user