safe-fetch

0.2.1 • Public • Published

safe-fetch

NPM version Build Status

A fetch() wrapper that implements Double Submit Cookies CSRF protection.

Requirements

  • fetch()-compatible environment (or with a polyfill)
  • Server-set randomly generated cookie XSRF cookie (by default named csrf-token), that is then compared with a header (x-csrf-token by default) set on every request by save-fetch.

Basic Usage

import fetch from 'safe-fetch';
 
fetch('/some-url').then(console.log.bind(console));

Advanced Options

safe-fetch supports all the options fetch() does, but by default sets credentials: 'same-origin' option to send the cookies required for the CSRF security. You can still override this and set it to omit or include in which case the header will not be set.

You can also modify cookie an header name using global options:

import fetch from 'safe-fetch';
fetch.cookieName = 'my-cookie-name';
fetch.headerName = 'x-my-header-name';
fetch('/some-url').then(console.log.bind(console));

License

Copyright 2015 Dmitriy Kubyshkin

Licensed under the Apache License, Version 2.0 (the "License"); you may not use this file except in compliance with the License. You may obtain a copy of the License at

http://www.apache.org/licenses/LICENSE-2.0

Unless required by applicable law or agreed to in writing, software distributed under the License is distributed on an "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. See the License for the specific language governing permissions and limitations under the License.

Readme

Keywords

Package Sidebar

Install

npm i safe-fetch

Weekly Downloads

3,096

Version

0.2.1

License

Apache-2.0

Last publish

Collaborators

  • grassator