Merge pull request #1704 from companieshouse/asm-472-stop-healthcheck-session

ASM-472 Exclude specific paths from session and CSRF middleware calls

Author: mwestacott

src/app.ts

@@ -93,14 +93,15 @@ const cookieConfig = {
   cookieTimeToLiveInSeconds: parseInt(config.DEFAULT_SESSION_EXPIRATION, 10)
 };
 const sessionStore = new SessionStore(new Redis(`redis://${config.CACHE_SERVER}`));
-app.use(SessionMiddleware(cookieConfig, sessionStore));
+
+app.use(config.EXCLUDED_PATHS, SessionMiddleware(cookieConfig, sessionStore));
 
 const csrfProtectionMiddleware = CsrfProtectionMiddleware({
   sessionStore,
   enabled: true,
   sessionCookieName: config.COOKIE_NAME
 });
-app.use(csrfProtectionMiddleware);
+app.use(config.EXCLUDED_PATHS, csrfProtectionMiddleware);
 
 app.set("views", path.join(__dirname, "views"));
 app.set("view engine", "html");

src/config/index.ts

@@ -44,6 +44,8 @@ export const CLOSED_PENDING_PAYMENT = "closed pending payment";
 export const PAYMENTS = "/payments";
 export const YOUR_FILINGS_PATH = "/user/transactions";
 
+export const EXCLUDED_PATHS = /\/register-an-overseas-entity\/((?!healthcheck).)*/;
+
 //  FEATURE FLAGS
 export const SHOW_SERVICE_OFFLINE_PAGE = getEnvironmentValue("SHOW_SERVICE_OFFLINE_PAGE");
 export const FEATURE_FLAG_ENABLE_TRUSTS_WEB = getEnvironmentValue('FEATURE_FLAG_ENABLE_TRUSTS_WEB_07112022', 'false');