Add Cloudflare worker

torchbox · Nov 8, 2018 · 21522c6 · 21522c6
1 parent 6c056a9
commit 21522c6
Showing 1 changed file with 52 additions and 0 deletions.
diff --git a/cloudflare/workers.js b/cloudflare/workers.js
@@ -0,0 +1,52 @@
+addEventListener('fetch', event => {
+  event.respondWith(main(event));
+});
+
+async function main(event) {
+  const newRequest = stripSessionCookie(event.request);
+  return fetch(newRequest);
+}
+
+/**
+ * Strip session cookies from the front-end.
+ *
+ * It's important that you disable this script from:
+ *  - /admin/*
+ *  - /review/*
+ *  - /contact/*
+ *
+ * Otherwise CSRF won't work.
+ *
+ */
+function stripSessionCookie(request) {
+  const newHeaders = new Headers(request.headers);
+  const url = new URL(request.url);
+  const cookieString = newHeaders.get('Cookie');
+  if (
+    cookieString !== null
+    && (cookieString.includes('csrftoken') || cookieString.includes('sessionid'))
+  ) {
+    const newValue = stripCookie(
+      stripCookie(newHeaders.get('Cookie'), 'sessionid'),
+      'csrftoken'
+    );
+    newHeaders.set('Cookie', newValue);
+    return new Request(request.url, {
+      headers: newHeaders,
+      method:request.method,
+      body: request.body,
+      redirect: request.redirect,
+    });
+  }
+
+  return request;
+}
+
+/**
+ * Strip a cookie from the cookie string and return a new cookie string.
+ */
+function stripCookie(cookiesString, cookieName) {
+  return cookiesString.split(';').filter(v => {
+    return v.split('=')[0].trim() !== cookieName;
+  }).join(';');
+}