Adding CSRF Header for Browser Extension (#1037)

Adding CSRF Header for Browser Extension
2 years ago · 592074679b
parent b8477e3613
commit 592074679b
2 changed files with 6 additions and 0 deletions
--- a/backend/utils/app.js
+++ b/backend/utils/app.js
@ -41,7 +41,10 @@ export class ExpressApplication {
            this.app.use(this.common.baseHref + '/api/ecl', eclRoutes);
            this.app.use(this.common.baseHref, express.static(join(this.directoryName, '../..', 'frontend')));
            this.app.use((req, res, next) => {
+                // For Angular App
                res.cookie('XSRF-TOKEN', req.csrfToken ? req.csrfToken() : '');
+                // For JQuery Browser Plugin
+                res.setHeader('XSRF-TOKEN', req.csrfToken ? req.csrfToken() : '');
                res.sendFile(join(this.directoryName, '../..', 'frontend', 'index.html'));
            });
            this.app.use((err, req, res, next) => this.handleApplicationErrors(err, res));
--- a/server/utils/app.ts
+++ b/server/utils/app.ts
@ -63,7 +63,10 @@ export class ExpressApplication {
    this.app.use(this.common.baseHref + '/api/ecl', eclRoutes);
    this.app.use(this.common.baseHref, express.static(join(this.directoryName, '../..', 'frontend')));
    this.app.use((req: any, res, next) => {
+      // For Angular App
      res.cookie('XSRF-TOKEN', req.csrfToken ? req.csrfToken() : '');
+      // For JQuery Browser Plugin
+      res.setHeader('XSRF-TOKEN', req.csrfToken ? req.csrfToken() : '');
      res.sendFile(join(this.directoryName, '../..', 'frontend', 'index.html'));
    });
    this.app.use((err, req, res, next) => this.handleApplicationErrors(err, res));