JSPM

  • Downloads 435569
  • License MIT

CSRF token middleware

Package Exports

  • csurf

This package does not declare an exports field, so the exports above have been automatically detected and optimized by JSPM instead. If any package subpath is missing, it is recommended to post an issue to the original package (csurf) to support the "exports" field. If that is not possible, create a JSPM override to customize the exports field for this package.

Readme

csurf

Node.js CSRF protection middleware.

Requires either a session middleware or cookie-parser to be initialized first.

Install

$ npm install csurf

API

var csrf = require('csurf')

csrf(options)

This middleware adds a req.csrfToken() function that generates a token. Add the token to every request that mutates state, for example in a hidden form field, the query string, etc. The token is validated against the visitor's session or CSRF cookie.

Options

  • value a function accepting the request, returning the token.
    • The default function checks four possible token locations:
      • _csrf parameter in req.body generated by the body-parser middleware.
      • _csrf parameter in req.query generated by query().
      • x-csrf-token and x-xsrf-token header fields.
  • cookie set to a truthy value to enable cookie-based instead of session-based csrf secret storage.
    • If cookie is an object, these options can be configured, otherwise defaults are used:
      • key the name of the cookie to use (defaults to _csrf) to store the csrf secret
      • any other res.cookie options can be set
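
The value option lets an application narrow where a token is accepted. As an added example (not code from csurf or from this page), the sketch below contrasts the four default locations listed above with a hypothetical header-only value function that ignores a token placed in a URL. The names defaultLookup and headerOnlyValue and the sample requests are constructed for illustration.

```javascript
// Added example, not csurf's own code. The request objects are constructed.

// Sketch of the lookup order listed above: body, query, then the two headers.
function defaultLookup (req) {
  return (req.body && req.body._csrf) ||
    (req.query && req.query._csrf) ||
    req.headers['x-csrf-token'] ||
    req.headers['x-xsrf-token']
}

// Hypothetical stricter `value` function: accept the token from the
// x-csrf-token header only, and only when it is one non-empty string.
function headerOnlyValue (req) {
  var token = req.headers && req.headers['x-csrf-token']
  return typeof token === 'string' && token.length > 0 ? token : undefined
}

// Constructed requests: one carries the token in the URL, one in a header.
var viaQuery = { body: {}, query: { _csrf: 'tok-from-url' }, headers: {} }
var viaHeader = { body: {}, query: {}, headers: { 'x-csrf-token': 'tok-from-header' } }

// Returns what each function extracts from each constructed request.
function demo () {
  return [viaQuery, viaHeader].map(function (req) {
    return { lenient: defaultLookup(req), strict: headerOnlyValue(req) }
  })
}

console.log(demo())

// Wiring, assuming express, cookie-parser and csurf are installed:
//   app.use(cookieParser())
//   app.use(csrf({ cookie: true, value: headerOnlyValue }))
```

Query strings commonly end up in access logs and Referer headers, which is why a deployment may prefer the header-only form for script-driven requests.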

req.csrfToken()

Lazy-loads the token associated with the request.

Example

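var express      = require('express')
var cookieParser = require('cookie-parser')
var csrf         = require('csurf')

var app = express()
// csurf requires a session middleware or cookie-parser to be initialized first
app.use(cookieParser())
// store the csrf secret in a cookie instead of a session
app.use(csrf({ cookie: true }))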

License

MIT