From 5c5ad988a66b4a8d24cf9994d8ddea18a132b897 Mon Sep 17 00:00:00 2001
From: thejsj
Date: Fri, 3 Mar 2017 15:21:57 -0800
Subject: [PATCH] Add secondary full api domain
---
 lib/middlewares/cors.js | 1 +
 lib/middlewares/csrf.js | 16 ++++++++++------
 2 files changed, 11 insertions(+), 6 deletions(-)
diff --git a/lib/middlewares/cors.js b/lib/middlewares/cors.js
index 93279a2b9..fdda32297 100644
--- a/lib/middlewares/cors.js
+++ b/lib/middlewares/cors.js
@@ -9,6 +9,7 @@ var processOrigin = function (origin, callback) {
 var originParsed = parseDomain(origin) || {}
 var allow = [
 process.env.FULL_API_DOMAIN,
+ process.env.SECONDARY_FULL_API_DOMAIN,
 process.env.FULL_FRONTEND_DOMAIN
 ]
 .some(function (domain) {
diff --git a/lib/middlewares/csrf.js b/lib/middlewares/csrf.js
index 975ff9000..a4390484c 100644
--- a/lib/middlewares/csrf.js
+++ b/lib/middlewares/csrf.js
@@ -11,15 +11,19 @@ module.exports.csrfValidator = function (req, res, next) {
 csurfMiddleware(req, res, next)
 }
-module.exports.csrfCookieInjector = function (req, res, next) {
- if (!exists(req.headers.origin)) {
- return next()
- }
-
- var parsedDomain = parseDomain(process.env.FULL_API_DOMAIN) || {}
+module.exports.injectCookie = function (res, req, domain) {
+ var parsedDomain = parseDomain(domain) || {}
 res.cookie('CSRF-TOKEN', req.csrfToken(), {
 httpOnly: false,
 domain: '.' + parsedDomain.domain + '.' + parsedDomain.tld
 })
+}
+
+module.exports.csrfCookieInjector = function (req, res, next) {
+ if (!exists(req.headers.origin)) {
+ return next()
+ }
+ module.exports.injectCookie(res, req, process.env.FULL_API_DOMAIN)
+ module.exports.injectCookie(res, req, process.env.SECONDARY_FULL_API_DOMAIN)
 next()
 }
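Review bot: In the lib/middlewares/cors.js hunk, `process.env.SECONDARY_FULL_API_DOMAIN` goes into the `allow` list without a check that it is set, so any deployment that does not define it passes `undefined` into the `.some` comparison. The callback body is outside this hunk, but if it compares parsed domain parts the same way `originParsed` is built (`parseDomain(origin) || {}`), an unset entry and an unparseable Origin header could both reduce to `{}` and compare equal; that is worth confirming before relying on this list as an allowlist. Dropping empty entries first removes the question: `].filter(Boolean).some(function (domain) {`. processOrigin starts before and continues past the hunk.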
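Review bot: In the lib/middlewares/csrf.js hunk, `injectCookie` has no guard for a domain that is unset or does not parse: the `|| {}` fallback leaves `parsedDomain.domain` and `parsedDomain.tld` undefined, and the CSRF cookie is then issued with domain `.undefined.undefined`. Because `csrfCookieInjector` now calls it unconditionally for `SECONDARY_FULL_API_DOMAIN`, every environment without that variable takes this path on each request that carries an Origin header; add `if (!parsedDomain.domain || !parsedDomain.tld) return` right after the `parseDomain` line. Each call also invokes `req.csrfToken()` again, so the two `CSRF-TOKEN` cookies may carry different token values; presumably both validate, but confirm that against the csurf version in use. Separately, the `(res, req, domain)` parameter order reverses the `(req, res, next)` convention used by the other exports in this file and is easy to mis-call.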