node package manager


crumb Logo

CSRF crumb generation for hapi

Build Status


  • options is an object with the following keys:
    • name - the name of the CSRF token (Default is crumb)
    • size - the length of the CSRF token (Default is 43)
    • autoGenerate - forces the plugin to generate the token on its own (Default is true)
      • If set to false, you must call request.plugins.crumb.generate() manually
    • addToViewContext - if the response is a View, adds it to the context (Default is true)
    • cookieOptions - See the options section for server.state(name, [options])
      • path - the cookie path scope. (Default is /)


var Hapi = require('hapi');
var server = Hapi.createServer('localhost', 3000);
var options = {
  name: 'myCrumb'
server.allow({ ext: true, state: true }).require('crumb', options, function(err) {
  if (err) {
    console.log('Failed to load plugin: crumb');