set-csrf-cookie.ts
import { Config, CookieOptions, HttpResponse } from '@foal/core';
import { CSRF_DEFAULT_COOKIE_NAME, CSRF_DEFAULT_COOKIE_PATH } from './constants';
/**
 * Attach the CSRF token to the response as a cookie.
 *
 * The cookie name, domain, path, sameSite, secure and maxAge attributes are
 * read from the `settings.csrf.cookie.*` configuration keys. Only the name
 * and the path have a fallback (the CSRF defaults imported from
 * `./constants`).
 *
 * Security notes:
 * - `httpOnly` is hard-coded to `false`, so the cookie is readable from
 *   client-side script. NOTE(review): presumably this is intentional so the
 *   front end can copy the token into a request header or form field -
 *   confirm against the CSRF check that consumes it. The consequence is that
 *   any script running on the origin can read the token.
 * - `secure` and `sameSite` have no default here: when the configuration does
 *   not set them, they are passed through as `undefined`. Deployments served
 *   over HTTPS should set `settings.csrf.cookie.secure` and an explicit
 *   `settings.csrf.cookie.sameSite` value.
 * - A falsy `settings.csrf.cookie.maxAge` (unset or `0`) leaves `maxAge` out
 *   of the cookie options entirely.
 *
 * @export
 * @param {HttpResponse} response - The HTTP response
 * @param {string} csrfToken - The CSRF token
 */
export function setCsrfCookie(response: HttpResponse, csrfToken: string): void {
  const name = Config.get('settings.csrf.cookie.name', CSRF_DEFAULT_COOKIE_NAME);

  const baseOptions: CookieOptions = {
    domain: Config.get('settings.csrf.cookie.domain'),
    // Deliberately script-readable; see the security notes above.
    httpOnly: false,
    path: Config.get('settings.csrf.cookie.path', CSRF_DEFAULT_COOKIE_PATH),
    sameSite: Config.get('settings.csrf.cookie.sameSite'),
    secure: Config.get('settings.csrf.cookie.secure')
  };

  // Express does not support options.maxAge === undefined, so the key is
  // only present when a truthy value is configured.
  const configuredMaxAge = Config.get<number|undefined>('settings.csrf.cookie.maxAge');
  const cookieOptions: CookieOptions = configuredMaxAge
    ? { ...baseOptions, maxAge: configuredMaxAge }
    : baseOptions;

  response.setCookie(name, csrfToken, cookieOptions);
}