freeCodeCamp/api-server/server/middlewares/csurf.js

import csurf from 'csurf';

export default function() {
  const protection = csurf(
    {
      cookie: {
        domain: process.env.COOKIE_DOMAIN || 'localhost'
      }
    }
  );
  return function csrf(req, res, next) {

    const path = req.path.split('/')[1];
    if ((/(^api$|^unauthenticated$|^internal$|^p$)/).test(path)) {
      return next();
    }
    return protection(req, res, next);
  };
}
Add csrf protection 2016-05-03 00:22:56 +00:00			`import csurf from 'csurf';`

			`export default function() {`
feat(auth): Authorise 'external' requests through JWT (#17224) 2018-05-23 20:10:56 +00:00			`const protection = csurf(`
			`{`
			`cookie: {`
			`domain: process.env.COOKIE_DOMAIN \|\| 'localhost'`
			`}`
			`}`
			`);`
Remove csrf from api calls 2016-05-03 04:11:49 +00:00			`return function csrf(req, res, next) {`
feat(auth): Authorise 'external' requests through JWT (#17224) 2018-05-23 20:10:56 +00:00
Remove csrf from api calls 2016-05-03 04:11:49 +00:00			`const path = req.path.split('/')[1];`
chore: Fix api linting 2019-02-16 00:31:05 +00:00			`if ((/(^api$\|^unauthenticated$\|^internal$\|^p$)/).test(path)) {`
Remove csrf from api calls 2016-05-03 04:11:49 +00:00			`return next();`
			`}`
			`return protection(req, res, next);`
			`};`
Add csrf protection 2016-05-03 00:22:56 +00:00			`}`