alt-xsrf

1.0.0 • Public • Published

Anti-XSRF middleware

This XSRF prevention middleware:

  1. stores the XSRF secret in a Redis-backed session
  2. exposes a token on the res.locals variable xsrfToken
  3. exposes a token via a cookie
  4. validates the incoming token unless the request is ignored

Note: this middleware requires alt-session to be installed beforehand.

You can provide a custom ignore function via options:

options.ignore = function(req, res) {
  return true; // Ignore all requests
}

You can provide a custom token source getter (by default it takes the X-XSRF-TOKEN header value to ensure compatibility with Angular):

options.getToken = function(req, res) {
  return req.get('X-XSRF-TOKEN');
}
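
The four steps and the two options above, sketched as a self-contained Express-style middleware. This is an added example, not alt-xsrf's own source: the salted-HMAC token format, the XSRF-TOKEN cookie name, the session key xsrfSecret and the default ignore rule are assumptions.

```javascript
// Added illustration of the pattern described above; not alt-xsrf's source.
const crypto = require('crypto');

function sign(secret, salt) {
  return crypto.createHmac('sha256', secret).update(salt).digest('base64url');
}

// Assumed token format: "<random salt>.<HMAC-SHA256(secret, salt)>"
function createToken(secret) {
  const salt = crypto.randomBytes(8).toString('base64url');
  return salt + '.' + sign(secret, salt);
}

function verifyToken(secret, token) {
  if (typeof secret !== 'string' || typeof token !== 'string') return false;
  const dot = token.indexOf('.');
  if (dot < 1) return false;
  const expected = Buffer.from(sign(secret, token.slice(0, dot)));
  const actual = Buffer.from(token.slice(dot + 1));
  // timingSafeEqual throws on a length mismatch, so compare lengths first.
  return actual.length === expected.length && crypto.timingSafeEqual(actual, expected);
}

function xsrf(options = {}) {
  // Assumed default: skip validation for read-only methods.
  const ignore = options.ignore || ((req) => ['GET', 'HEAD', 'OPTIONS'].includes(req.method));
  const getToken = options.getToken || ((req) => req.get('X-XSRF-TOKEN'));
  return function (req, res, next) {
    // 1. The secret stays in the server-side session, never in the cookie.
    if (!req.session.xsrfSecret) {
      req.session.xsrfSecret = crypto.randomBytes(32).toString('base64url');
    }
    const token = createToken(req.session.xsrfSecret);
    res.locals.xsrfToken = token;                          // 2. for templates
    res.cookie('XSRF-TOKEN', token, { sameSite: 'lax' });  // 3. readable by client JS
    // 4. Validate unless the request is ignored.
    if (ignore(req, res) || verifyToken(req.session.xsrfSecret, getToken(req, res))) {
      return next();
    }
    const err = new Error('Invalid XSRF token');
    err.status = 403;
    next(err);
  };
}
```

The cookie is deliberately not httpOnly, because client-side code has to read it and echo it back in the header; the secret that tokens are checked against never leaves the session.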

Install

npm i alt-xsrf

Weekly Downloads

8

Version

1.0.0

License

ISC

Collaborators

  • inca