@ianwalter/express-csrf

Cross-Site Request Forgery (CSRF) middleware for Express

About

Heavily inspired by and based on csurf. This module aims to be more flexible than other CSRF modules by being split into two separate middleware: one that handles the CSRF token generation and one that handles the CSRF token validation.

Installation

yarn add @ianwalter/express-csrf

Usage

Use the csrfGeneration middleware before you intend to use the req.generateCsrfToken method to generate a CSRF token:

const { csrfGeneration } = require('@ianwalter/express-csrf')

app.use(csrfGeneration)

Use the csrfValidation middleware before any endpoints you want to protect from CSRF attacks:

const { csrfValidation } = require('@ianwalter/express-csrf')

// Doesn't need to be proected:
app.post('/login', session.create)

app.use(csrfValidation)

// Protected:
app.post('/order', orders.create)

License

Apache 2.0 with Commons Clause - See LICENSE

Created by Ian Walter

Name		Name	Last commit message	Last commit date
Latest commit History 106 Commits
.github/workflows		.github/workflows
.gitignore		.gitignore
LICENSE		LICENSE
README.md		README.md
index.js		index.js
package.json		package.json
tests.js		tests.js
yarn.lock		yarn.lock

Provide feedback

Saved searches

Use saved searches to filter your results more quickly

.github/workflows

.github/workflows

.gitignore

.gitignore

LICENSE

LICENSE

README.md

README.md

index.js

index.js

package.json

package.json

tests.js

tests.js

yarn.lock

yarn.lock

Repository files navigation

@ianwalter/express-csrf

About

Installation

Usage

License

About

Releases 3

Packages

Contributors 2

Languages

License

ianwalter/express-csrf

Folders and files

Latest commit

History

Repository files navigation

@ianwalter/express-csrf

About

Installation

Usage

License

About

Topics

Resources

License

Stars

Watchers

Forks

Languages