csrf-monkey
Automatically add CSRF headers to all clientside requests
- handles both xhr and fetch
- small footprint, no dependencies
- configurable, testable and restorable
Installation
npm install --save csrf-monkey
Usage
Default behaviour
Put your csrf token in a meta tag in your head like so:
Then call csrf-monkey
. This will patch xhr and window.fetch so that your csrf token is automatically included in all clientside requests
var axios = // request will include csrf header ('x-csrf-token': value)axios // request will include csrf header ('x-csrf-token': value)
Options
var csrfMonkey = // you can also pass a custom header to csrf-monkey: // and you can pass your csrf token value directly to csrf-monkey if you don't want to include it as a meta tag:
Restore
var restore = // Restores everything back to how it was
Credits
- Inspired by
csrf-xhr