mirror of
https://github.com/freeCodeCamp/freeCodeCamp.git
synced 2026-05-26 22:01:30 -04:00
28 lines
647 B
JavaScript
28 lines
647 B
JavaScript
import csurf from 'csurf';
|
|
|
|
export const csrfOptions = {
|
|
domain: process.env.COOKIE_DOMAIN,
|
|
sameSite: 'strict',
|
|
secure: process.env.FREECODECAMP_NODE_ENV === 'production'
|
|
};
|
|
|
|
export default function getCsurf() {
|
|
const protection = csurf({
|
|
cookie: { ...csrfOptions, httpOnly: true }
|
|
});
|
|
return function csrf(req, res, next) {
|
|
const { path } = req;
|
|
if (
|
|
// eslint-disable-next-line max-len
|
|
/^\/hooks\/update-paypal$|^\/donate\/charge-stripe$|^\/coderoad-challenge-completed$/.test(
|
|
path
|
|
)
|
|
) {
|
|
next();
|
|
} else {
|
|
// add the middleware
|
|
protection(req, res, next);
|
|
}
|
|
};
|
|
}
|