Share your code. npm Orgs help your team discover, share, and reuse code. Create a free org »

    alt-xsrfpublic

    Anti-XSRF middleware

    This XSRF prevention middleware:

    1. stores XSRF secret in Redis-backed session
    2. exposes a token on res.locals variable xsrfToken
    3. exposes a token via cookie
    4. validates incoming token if not ignored

    Note: this middleware requires alt-session to be installed beforehand.

    You can provide custom ignore function via options:

    options.ignore = function(req, res) {
      return true; // Ignore all requests
    }

    You can provide custom token source getter (by default it takes X-XSRF-TOKEN header value to ensure compatibility with Angular):

    options.getToken = function(req, res) {
      return req.get('X-XSRF-TOKEN');
    }

    install

    npm i alt-xsrf

    Downloadsweekly downloads

    4

    version

    1.0.0

    license

    ISC

    homepage

    github.com

    last publish

    collaborators

    • avatar