Skip to content
This repository has been archived by the owner on Aug 8, 2023. It is now read-only.
/ express-csrf Public archive

Cross-Site Request Forgery (CSRF) middleware for Express

License

View license
2 stars 0 forks Branches Tags Activity
Star
Notifications You must be signed in to change notification settings

ianwalter/express-csrf

BranchesTags

Folders and files

NameName
Last commit message
Last commit date

Latest commit

 

History

106 Commits
.github/workflows
.github/workflows
 
 
.gitignore
.gitignore
 
 
LICENSE
LICENSE
 
 
README.md
README.md
 
 
index.js
index.js
 
 
package.json
package.json
 
 
tests.js
tests.js
 
 
yarn.lock
yarn.lock
 
 

Repository files navigation

@ianwalter/express-csrf

Cross-Site Request Forgery (CSRF) middleware for Express

npm page

About

Heavily inspired by and based on csurf. This module aims to be more flexible than other CSRF modules by being split into two separate middleware: one that handles the CSRF token generation and one that handles the CSRF token validation.

Installation

yarn add @ianwalter/express-csrf

Usage

Use the csrfGeneration middleware before you intend to use the req.generateCsrfToken method to generate a CSRF token:

const { csrfGeneration } = require('@ianwalter/express-csrf')

app.use(csrfGeneration)

Use the csrfValidation middleware before any endpoints you want to protect from CSRF attacks:

const { csrfValidation } = require('@ianwalter/express-csrf')

// Doesn't need to be proected:
app.post('/login', session.create)

app.use(csrfValidation)

// Protected:
app.post('/order', orders.create)

License

Apache 2.0 with Commons Clause - See LICENSE

 

Created by Ian Walter

About

Cross-Site Request Forgery (CSRF) middleware for Express

Topics

middleware express csrf xsrf

Resources

Readme

License

View license
Activity

Stars

2 stars

Watchers

2 watching

Forks

0 forks
Report repository

Releases 3

1.1.1 Latest
Sep 17, 2019
+ 2 releases

Packages

No packages published

Languages