From e9ee843b274b1e1f38b992650f3f74f940a20a49 Mon Sep 17 00:00:00 2001
From: Julian Lam
Date: Fri, 14 Jan 2022 13:38:24 -0500
Subject: [PATCH] fix: CSRF handler to go back to saving in session (#10159)

---
 src/controllers/authentication.js |  2 --
 src/middleware/index.js           | 10 ++--------
 2 files changed, 2 insertions(+), 10 deletions(-)

diff --git a/src/controllers/authentication.js b/src/controllers/authentication.js
index 4afd54fb84..e71ff710d7 100644
--- a/src/controllers/authentication.js
+++ b/src/controllers/authentication.js
@@ -472,8 +472,6 @@ authenticationController.logout = async function (req, res, next) {
 	await destroyAsync(req);
 	res.clearCookie(nconf.get('sessionKey'), meta.configs.cookie.get());
-	req.uid = 0;
-	req.headers['x-csrf-token'] = req.csrfToken();
 
 	await user.setUserField(uid, 'lastonline', Date.now() - (meta.config.onlineCutoff * 60000));
 	await db.sortedSetAdd('users:online', Date.now() - (meta.config.onlineCutoff * 60000), uid);
 
diff --git a/src/middleware/index.js b/src/middleware/index.js
index 24d7a9543f..a31cc4430d 100644
--- a/src/middleware/index.js
+++ b/src/middleware/index.js
@@ -34,17 +34,11 @@ middleware.regexes = {
 	timestampedUpload: /^\d+-.+$/,
 };
 
-const csurfMiddleware = csrf({
-	cookie: nconf.get('url_parsed').protocol === 'https:' ? {
-		secure: true,
-		sameSite: 'Strict',
-		httpOnly: true,
-	} : true,
-});
+const csrfMiddleware = csrf();
 
 middleware.applyCSRF = function (req, res, next) {
 	if (req.uid >= 0) {
-		csurfMiddleware(req, res, next);
+		csrfMiddleware(req, res, next);
 	} else {
 		next();
 	}
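Review bot: With `req.headers['x-csrf-token'] = req.csrfToken()` removed, nothing after `destroyAsync(req)` in this hunk re-establishes a CSRF token, and because the companion change makes csurf session-backed, any later `req.csrfToken()` call in `logout` (the function continues past the end of the hunk) would run against a destroyed session and throw csurf's "misconfigured csrf" error rather than mint a token. Dropping `req.uid = 0` also leaves `req.uid` holding the logged-out user's id for the rest of the request even though the session is gone, so anything downstream in this handler that keys off `req.uid` would be acting on a stale identity — whether anything does is not visible here. If the intended contract is that the client must fetch a fresh token after logout, a comment at the removal site would make that explicit: `// session destroyed above: session-backed csurf cannot mint a token here; client must re-fetch one`.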
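Review bot: `csrf()` with no options keeps its secret in `req.session`, so `applyCSRF` now hard-depends on the session middleware having run before it; if it has not, csurf throws "misconfigured csrf" on every request rather than reporting a clear mount-order error, and the `if (req.uid >= 0)` guard cannot catch that since it never looks at `req.session`. A one-line comment above the new declaration, `// session-backed secret: applyCSRF must be mounted after the session middleware`, would document that ordering constraint. The removed cookie options (`secure`, `sameSite: 'Strict'`, `httpOnly` on HTTPS) mean the secret's transport protection now rests entirely on the session cookie's own attributes, which this diff does not show — worth confirming the session cookie carries equivalent flags. Separately, `undefined >= 0` is `false`, so a request whose `req.uid` has not been populated skips CSRF entirely; if that is not deliberate, the guard should treat a missing uid as a guest, e.g. `if (req.uid === undefined || req.uid >= 0) {`.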