From b4b60c69cf67a42f4797f7f1afe68b7a5eec2998 Mon Sep 17 00:00:00 2001
From: Saad Jutt <ihsan.distranger@gmail.com>
Date: Sat, 30 Apr 2022 06:32:24 +0500
Subject: [PATCH] fix: setting CSRF Token for only rendering SPA

---
 api/src/routes/web/index.ts | 5 -----
 api/src/routes/web/web.ts   | 7 +++++--
 2 files changed, 5 insertions(+), 7 deletions(-)

diff --git a/api/src/routes/web/index.ts b/api/src/routes/web/index.ts
index 6f04db4..e9d91cd 100644
--- a/api/src/routes/web/index.ts
+++ b/api/src/routes/web/index.ts
@@ -6,11 +6,6 @@ const router = express.Router()
 
 router.use(csrfProtection)
 
-router.use(function (req, res, next) {
-  res.cookie('XSRF-TOKEN', req.csrfToken())
-  next()
-})
-
 router.use('/', webRouter)
 
 export default router
diff --git a/api/src/routes/web/web.ts b/api/src/routes/web/web.ts
index f9889b0..0a84af9 100644
--- a/api/src/routes/web/web.ts
+++ b/api/src/routes/web/web.ts
@@ -6,10 +6,13 @@ import { getWebBuildFolderPath, loginWebValidation } from '../../utils'
 
 const webRouter = express.Router()
 
-webRouter.get('/', async (_, res) => {
+webRouter.get('/', async (req, res) => {
   const indexHtmlPath = path.join(getWebBuildFolderPath(), 'index.html')
 
-  if (await fileExists(indexHtmlPath)) return res.sendFile(indexHtmlPath)
+  if (await fileExists(indexHtmlPath)) {
+    res.cookie('XSRF-TOKEN', req.csrfToken())
+    return res.sendFile(indexHtmlPath)
+  }
 
   return res.send('Web Build is not present')
 })