express-csrf-double-submit-cookie

2.0.0 • Public • Published

Express CSRF token middleware with "Naive Double-Submit Cookie Pattern"

Requires cookie-parser to be initialized first.

Installation

$ npm install express-csrf-double-submit-cookie

Usage

import cookieParser from 'cookie-parser';
import csrfDSC from 'express-csrf-double-submit-cookie';
import express from 'express';

// create middleware
const csrfProtection = csrfDSC();

const app = express();
// cookie-parser must be registered before the CSRF middleware
app.use(cookieParser());

// middleware to set cookie token
app.use(csrfProtection);

// protect /api: the request must carry the token in addition to the cookie
app.post('/api', csrfProtection.validate, function (req, res) {
  res.status(200).end();
});

API

import csrfDSC from 'express-csrf-double-submit-cookie';

const csrfProtection = csrfDSC([options]);

Options

  • length - token length in bytes. Defaults to 18.
  • value - function to get the token from the request. Defaults to:

    function defaultValue (req) {
        return (req.body && req.body._csrf_token) ||
            (req.query && req.query._csrf_token) ||
            (req.headers['x-csrf-token']);
    }

  • cookie - Cookie options, see express res.cookie() documentation. Defaults to { name: '_csrf_token', path: '/', httpOnly: false }. httpOnly is false by default, which lets client-side script read the token and send it back in the request.
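
How a double-submit check behaves with the default options above, as an added example that is not the package's own code. It mirrors the README's default names and token lookup order; the hex encoding, the helper names (newToken, submittedToken, isValid) and the constant-time comparison are assumptions.

```javascript
// Added illustration of the double-submit check; not the package's source.
const { randomBytes, timingSafeEqual } = require('node:crypto');

const TOKEN_NAME = '_csrf_token'; // default cookie and field name from the options above

// Assumption: hex encoding. The README only states the length (18 bytes).
function newToken(length = 18) {
  return randomBytes(length).toString('hex');
}

// Same lookup order as the README's defaultValue(): body, query, header.
function submittedToken(req) {
  return (req.body && req.body[TOKEN_NAME]) ||
    (req.query && req.query[TOKEN_NAME]) ||
    (req.headers && req.headers['x-csrf-token']);
}

// True only when the request repeats the cookie value in a second place.
function isValid(req) {
  const cookie = req.cookies && req.cookies[TOKEN_NAME];
  const sent = submittedToken(req);
  // Repeated parameters parse to arrays or objects: accept strings only.
  if (typeof cookie !== 'string' || typeof sent !== 'string') return false;
  // An empty cookie must never match an empty submitted value.
  if (cookie.length === 0) return false;
  const a = Buffer.from(cookie);
  const b = Buffer.from(sent);
  // timingSafeEqual throws on unequal lengths, so compare lengths first.
  return a.length === b.length && timingSafeEqual(a, b);
}

// Constructed request objects, shaped like Express requests after cookie-parser.
const token = newToken();
const cookies = { [TOKEN_NAME]: token };
const withHeader = { cookies, headers: { 'x-csrf-token': token } };
const cookieOnly = { cookies, headers: {}, body: {} }; // browser attached the cookie, nothing else
const repeatedParam = { cookies, headers: {}, query: { [TOKEN_NAME]: [token, token] } };

console.log(isValid(withHeader), isValid(cookieOnly), isValid(repeatedParam));
```
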

License

MIT

Collaborators

  • doochik