fixes bug introduced with csrf

src/auth/getExtractJWT.js

@@ -2,6 +2,7 @@ const parseCookies = require('../utilities/parseCookies');
 
 const getExtractJWT = (config) => (req) => {
   const jwtFromHeader = req.get('Authorization');
+  const origin = req.get('Origin');
 
   if (jwtFromHeader && jwtFromHeader.indexOf('JWT ') === 0) {
     return jwtFromHeader.replace('JWT ', '');
@@ -10,10 +11,8 @@ const getExtractJWT = (config) => (req) => {
   const cookies = parseCookies(req);
   const tokenCookieName = `${config.cookiePrefix}-token`;
 
-  if (cookies && cookies[tokenCookieName] && Array.isArray(config.csrf)) {
-    const { headers: { origin } = {} } = req;
-
-    if (config.csrf.indexOf(origin) > -1) {
+  if (cookies && cookies[tokenCookieName]) {
+    if (!origin || (config.csrf && config.csrf.indexOf(origin) > -1)) {
       const token = cookies[tokenCookieName];
       return token;
     }