JSPM

  • ESM via JSPM
  • ES Module Entrypoint
  • Export Map
  • Keywords
  • License
  • Repository URL
  • TypeScript Types
  • README
  • Created
  • Published
  • Downloads 3919
  • Score
    100M100P100Q156416F
  • License MIT

primary logic behind csrf tokens

Package Exports

  • csrf-tokens

This package does not declare an exports field, so the exports above have been automatically detected and optimized by JSPM instead. If any package subpath is missing, it is recommended to post an issue to the original package (csrf-tokens) to support the "exports" field. If that is not possible, create a JSPM override to customize the exports field for this package.

Readme

CSRF Tokens

Logic behind CSRF token creation and verification. Read Understanding-CSRF for more information on CSRF. Use this module to create custom CSRF middleware and what not.

API

var csrf = require('csrf-tokens')(options)

var secret = csrf.secret()
var token = csrf.create(secret)
var valid = csrf.verify(secret, token)

Options:

  • secretLength: 12 - the byte length of the secret key
  • saltLength: 8 - the string length of the salt
  • tokensize: (secret, salt) => token - a custom token creation function

var secret = csrf.secret()

Create a new secret of length secretLength. You don't have to use this.

var token = csrf.token(secret)

Create a CSRF token based on a secret. This is the token you pass to clients.

var valid = csrf.verify(secret, token)

Check whether a CSRF token is valid based on a secret. If it's not valid, you should probably throw a 403 error.