@@ -31,28 +31,31 @@ function redirectProtectedRoute(req: NextRequest) {
3131 return undefined ;
3232}
3333
34- /// are we missing a csrf token in cookies and should redirect to get one
34+ /// are we missing a csrf token in cookies
35+ /// if so get the backend url to redirect to and add the current url as a redirect_to parameter
3536function redirectCsrfToken ( req : NextRequest ) : URL | undefined {
37+ const { cookies } = req ;
38+ const hasCsrfToken = cookies . has ( "csrftoken" ) ;
39+ if ( hasCsrfToken ) {
40+ return undefined ;
41+ }
42+
3643 // need to ignore all assets outside of html requests (which don't have an extension)
3744 // so could we just check any request that doesn't have an extension?
45+ const requestUrl = new URL ( req . url ) ;
3846 if (
39- req . url . startsWith ( "/_next" ) ||
40- req . url . match (
47+ // ignore healthcheck because it's for automated test suite that can't do redirects
48+ requestUrl . pathname . startsWith ( "/healthcheck" ) ||
49+ requestUrl . pathname . startsWith ( "/_next" ) ||
50+ requestUrl . pathname . match (
4151 / \. ( j s | c s s | p n g | j p g | j p e g | s v g | g i f | i c o | j s o n | w o f f | w o f f 2 | t t f | e o t | o t f ) $ /
4252 )
4353 ) {
4454 return undefined ;
4555 }
4656
47- const { cookies } = req ;
48- const hasCsrfToken = cookies . has ( "csrftoken" ) ;
49- if ( hasCsrfToken ) {
50- return undefined ;
51- }
52-
5357 const csrfUrl = `${ apiBaseUrl } /csrf/` ;
5458 const redirectUrl = new URL ( csrfUrl ) ;
55- const requestUrl = new URL ( req . url ) ;
5659
5760 // On server envs everything is in the same domain and 80/443 ports, so ignore the host part of the url.
5861 // More robust solution (supporting separate domains) would need to take into account us being behind
0 commit comments