Added the cookie domain optipn in the /api/csrf-cookie route

Changes
	modified:   web/routes/index.js
	modified:   web/web.js

Author: StanleyMasinde

web/routes/index.js

@@ -15,7 +15,7 @@ Route.get('/', async (_req, res) => {
  * GET and set the csrf cookie
  */
 Route.get('/csrf-cookie', (req, res) => {
-    res.cookie('XSRF-TOKEN', req.csrfToken())
+    res.cookie('XSRF-TOKEN', req.csrfToken(), {domain: process.env.COOKIE_DOMAIN || 'localhost'})
     res.status(204).json('')
 })
 

web/web.js

@@ -28,7 +28,7 @@ web.use(csrf({
     cookie: {
         sameSite: 'lax',
         secure: false,
-        domain: process.env.COOKIE_DOMAIN | 'localhost'
+        domain: process.env.COOKIE_DOMAIN || 'localhost'
     },
     ignoreMethods: process.env.NODE_ENV === 'development' ? ['POST', 'PUT', 'DELETE', 'GET', 'OPTIONS'] : ['GET', 'HEAD', 'OPTIONS'],
     sessionKey: 'de'