feat(api): add csrf protection (#50275)

Co-authored-by: Sboonny <muhammed@freecodecamp.org>
2026-01-06 06:01:31 -05:00 · 2023-05-18 13:36:40 +02:00
parent 4dfca3c560
commit c3c912db07
11 changed files with 287 additions and 123 deletions
--- a/api/src/utils/env.ts
+++ b/api/src/utils/env.ts
@@ -33,6 +33,7 @@ assert.ok(process.env.FCC_ENABLE_SWAGGER_UI);
 assert.ok(process.env.FCC_ENABLE_DEV_LOGIN_MODE);

 if (process.env.FREECODECAMP_NODE_ENV !== 'development') {
+  assert.ok(process.env.COOKIE_DOMAIN);
  assert.ok(process.env.PORT);
  assert.ok(process.env.MONGOHQ_URL);
  assert.ok(process.env.SENTRY_DSN);
@@ -70,3 +71,4 @@ export const SENTRY_DSN =
  process.env.SENTRY_DSN === 'dsn_from_sentry_dashboard'
    ? ''
    : process.env.SENTRY_DSN;
+export const COOKIE_DOMAIN = process.env.COOKIE_DOMAIN || 'localhost';