2016-05-03 00:22:56 +00:00
|
|
|
import csurf from 'csurf';
|
|
|
|
|
|
|
|
export default function() {
|
2018-05-23 20:10:56 +00:00
|
|
|
const protection = csurf(
|
|
|
|
{
|
|
|
|
cookie: {
|
|
|
|
domain: process.env.COOKIE_DOMAIN || 'localhost'
|
|
|
|
}
|
|
|
|
}
|
|
|
|
);
|
2016-05-03 04:11:49 +00:00
|
|
|
return function csrf(req, res, next) {
|
2018-05-23 20:10:56 +00:00
|
|
|
|
2016-05-03 04:11:49 +00:00
|
|
|
const path = req.path.split('/')[1];
|
2019-02-07 13:33:18 +00:00
|
|
|
if (/(^api$|^unauthenticated$|^internal$|^p$)/.test(path)) {
|
2016-05-03 04:11:49 +00:00
|
|
|
return next();
|
|
|
|
}
|
|
|
|
return protection(req, res, next);
|
|
|
|
};
|
2016-05-03 00:22:56 +00:00
|
|
|
}
|