Merge pull request #1866 from bcgov/chore/fetch-csrf-cookie

chore: add function to fetch specific csrf cookie by name
bcgov · Sep 15, 2023 · 25a8eac · 25a8eac
2 parents b0ea1bc + 9a4796a
commit 25a8eac
Show file tree

Hide file tree

Showing 2 changed files with 11 additions and 2 deletions.
diff --git a/app/components/Attachment/hardDeleteAttachment.tsx b/app/components/Attachment/hardDeleteAttachment.tsx
@@ -1,7 +1,16 @@
 import { getAttachmentDeleteRoute } from "routes/pageRoutes";
 
+const getCookie = (name) => {
+  const match = document.cookie.match(new RegExp("(^| )" + name + "=([^;]+)"));
+  if (match) {
+    return match[2];
+  } else {
+    console.log(`No cookie matching ${name} was found`);
+  }
+};
+
 const hardDeleteAttachment = async (attachmentId, formChangeRowId) => {
-  const csrfToken = document.cookie.replace("qwerty=", "");
+  const csrfToken = getCookie("luscaCSRF");
   fetch(getAttachmentDeleteRoute(attachmentId).pathname, {
     method: "DELETE",
     headers: {

diff --git a/app/server/index.ts b/app/server/index.ts
@@ -62,7 +62,7 @@ app.prepare().then(async () => {
     lusca.csrf({
       xframe: "SAMEORIGIN",
       xssProtection: true,
-      cookie: "qwerty",
+      cookie: "luscaCSRF",
     })
   );
   server.use(attachmentDeleteRouter);