in packages/server/src/server.ts [62:79]
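/**
 * Light CSRF guard: rejects a request whose Referer (or, failing that, Origin)
 * header does not point at the configured login URL.
 *
 * When the request is rejected this writes a 400 JSON response carrying a
 * support id and returns `true`, so the caller must stop handling the request.
 * Returns `false` when the request may proceed.
 *
 * @param req - incoming request; only `headers.referer` and `headers.origin` are read
 * @param res - response used to send the 400 rejection
 * @returns `true` if the request was rejected and the response already ended
 */
function avoidCSRF(req: express.Request, res: express.Response): boolean {
  // Referer takes precedence over Origin when both are present.
  const origin = req.headers.referer || req.headers.origin;

  if (!origin) {
    // NOTE(review): a request carrying neither header is let through, so this
    // check alone does not stop clients that omit or strip both headers.
    // State-changing routes should also rely on a CSRF token or SameSite
    // cookies; confirm against the callers.
    return false;
  }

  if (originMatchesLoginUrl(origin, process.env.LOGIN_URL || '')) {
    return false;
  }

  const logid = uuid.v4();
  // Log only the headers the decision was based on. Dumping every header would
  // put Cookie / Authorization values into the logs.
  console.log('token service csrf error ' + logid, {
    referer: req.headers.referer,
    origin: req.headers.origin,
  });
  res.statusCode = 400;
  res.end(
    JSON.stringify({
      error:
        'please refresh the page and try your request again. support id: ' +
        logid,
    })
  );
  return true;
}

/**
 * Decides whether `candidate` (a Referer or Origin header value) belongs to
 * the site identified by `loginUrl`.
 *
 * The prefix test is kept, but it is no longer sufficient on its own:
 *  - an empty `loginUrl` used to match every value, because
 *    `indexOf('') === 0`; it now fails closed;
 *  - a bare prefix also matches look-alike hosts that merely start with the
 *    login URL text, so scheme, host and port are compared after parsing.
 */
function originMatchesLoginUrl(candidate: string, loginUrl: string): boolean {
  if (!loginUrl || candidate.indexOf(loginUrl) !== 0) {
    return false;
  }
  try {
    const expected = new URL(loginUrl).origin;
    // 'null' is the serialization of an opaque origin and must never match.
    return expected !== 'null' && new URL(candidate).origin === expected;
  } catch (_err) {
    // Either value is not a parseable absolute URL: treat it as a mismatch.
    return false;
  }
}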