alt-xsrf

    1.0.0 • Public • Published

    Anti-XSRF middleware

    This XSRF prevention middleware:

    1. stores the XSRF secret in a Redis-backed session
    2. exposes a token on the res.locals variable xsrfToken
    3. exposes a token via a cookie
    4. validates the incoming token unless the request is ignored

    Note: this middleware requires alt-session to be installed beforehand.

    You can provide a custom ignore function via options:

    options.ignore = function(req, res) {
      return true; // Ignore all requests
    }

    You can provide a custom token source getter (by default it takes the X-XSRF-TOKEN header value to ensure compatibility with Angular):

    options.getToken = function(req, res) {
      return req.get('X-XSRF-TOKEN');
    }
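
An added example (not part of the alt-xsrf package or its documentation) of a narrower `ignore` and a `getToken` with a fallback, using the two option signatures shown above: validation is skipped only for safe HTTP methods and one exactly matched path, and the token is read from the header first, then from a form field. The path `/webhooks/payment`, the field name `_xsrf` and the `fakeReq` helper are assumptions made for illustration.

```javascript
'use strict';

// Methods that must not change state; skipping validation for them is
// only sound if the application's handlers honour that contract.
const SAFE_METHODS = new Set(['GET', 'HEAD', 'OPTIONS']);

// Hypothetical endpoint authenticated by other means than the session
// cookie (for example a signed webhook). Exact match, not a prefix, so
// path tricks such as "/webhooks/payment/../x" are not exempted.
const EXEMPT_PATHS = new Set(['/webhooks/payment']);

const options = {
  // Return true to skip token validation, false to enforce it.
  ignore(req, res) {
    const method = String(req.method || '').toUpperCase();
    if (SAFE_METHODS.has(method)) return true;
    return EXEMPT_PATHS.has(String(req.path || ''));
  },

  // Prefer the X-XSRF-TOKEN header (the default source named above),
  // then fall back to a form field for non-AJAX form posts.
  getToken(req, res) {
    const header = req.get('X-XSRF-TOKEN');
    if (typeof header === 'string' && header.length > 0) return header;
    // req.body is only populated when a body parser runs earlier.
    const field = req.body && req.body._xsrf; // hypothetical field name
    // Reject arrays/objects a body parser may produce for repeated fields.
    return typeof field === 'string' && field.length > 0 ? field : undefined;
  },
};

// Constructed stand-in for an Express request, for offline checks only.
function fakeReq({ method = 'GET', path = '/', headers = {}, body } = {}) {
  const lower = Object.fromEntries(
    Object.entries(headers).map(([k, v]) => [k.toLowerCase(), v]));
  return { method, path, body, get: (name) => lower[name.toLowerCase()] };
}
```
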

    Install

    npm i alt-xsrf

    License

    ISC

    Collaborators

    • inca