micro-csrf

micro-csrf is a csrf middleware for Zeit.co's micro framework. This module is heavily inspired by express-csurf.

Installation

$ npm install micro-csrf
# or
$ yarn add micro-csrf

Example Usage

// Use the micro-session middleware for storing the token secret
const SessionManager, { MemoryStore } = require('micro-session');
const { csrfMiddleware } = require('micro-csrf');

const sessionManager = SessionManager({
  store: new MemoryStore(),
  secret: 'my session secret'
})
const csrf = csrfMiddleware();

module.exports = async (req, res) => {
  let session = await getSession(req, res);

  // This will automatically end the request with a 403 error
  // if this is a POST, PUT, PATCH, DELETE request without a valid
  // CSRF Token.
  const csrfToken = await csrf(session, req, res);

  // ...

  return {
    csrfToken
  };
};

Token Validation

The token is automatically read from the following locations:

    req.body._csrf - requires a parsed request body
    req.query._csrf - requires a query parser
    req.headers['csrf-token'] - the CSRF-Token HTTP request header.
    req.headers['xsrf-token'] - the XSRF-Token HTTP request header.
    req.headers['x-csrf-token'] - the X-CSRF-Token HTTP request header.
    req.headers['x-xsrf-token'] - the X-XSRF-Token HTTP request header.

License

MIT

micro-csrf

micro-csrf

Installation

Example Usage

Token Validation

License

Readme

Keywords

Package Sidebar

Install

Repository

Homepage

Weekly Downloads

Version

License

Unpacked Size

Total Files

Last publish

Collaborators

micro-csrf

micro-csrf

Installation

Example Usage

Token Validation

License

Readme

Keywords

Package Sidebar

Install

Repository

Homepage

DownloadsWeekly Downloads

Version

License

Unpacked Size

Total Files

Last publish

Collaborators

Weekly Downloads