From df45df5b71106b901cdf8a1a78ef6d2a24a6cb0d Mon Sep 17 00:00:00 2001
From: =?UTF-8?q?Timoth=C3=A9e=20Alby?=
Date: Mon, 4 Nov 2019 16:49:48 +0700
Subject: [PATCH] Merge pull request #2309 from overleaf/spd-nodevcsrf

Remove /dev/csrf route from production

GitOrigin-RevId: 4dc19fa6d33214f9a4cc57ee1293c215eb072c00
---
 services/web/app/src/router.js | 4 +++-
 1 file changed, 3 insertions(+), 1 deletion(-)

diff --git a/services/web/app/src/router.js b/services/web/app/src/router.js
index 2c248cad4c..864cae2ea1 100644
--- a/services/web/app/src/router.js
+++ b/services/web/app/src/router.js
@@ -972,7 +972,9 @@ function initialize(webRouter, privateApiRouter, publicApiRouter) {
 res.send('web sharelatex is alive (api)')
 )
- webRouter.get('/dev/csrf', (req, res) => res.send(res.locals.csrfToken))
+ if (['development', 'test'].includes(process.env.NODE_ENV)) {
+ webRouter.get('/dev/csrf', (req, res) => res.send(res.locals.csrfToken))
+ }
 publicApiRouter.get('/health_check', HealthCheckController.check)
 privateApiRouter.get('/health_check', HealthCheckController.check)
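Review bot: The new guard around `/dev/csrf` depends on `NODE_ENV` alone, so any shared or externally reachable deployment that runs with `NODE_ENV` set to `development` or `test` would still return the session's CSRF token in a response body; whether such deployments exist is not visible from this hunk. The allowlist form itself is sound, since an unset or misspelled value leaves the route unregistered. I would add a comment above the `if` recording the intent, e.g. `// Dev/test helper only: returns the CSRF token in the response body; never register in production`, and a test asserting that the route is absent when `NODE_ENV` is `production`. `initialize` starts and ends outside the hunk.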