simple-csrf

1.0.1 • Public • Published

A dead simple CSRF middleware for Express (4.x): uses a single, per-session token with no unnecessary magic and/or tricks.

Install

$ npm install simple-csrf

Usage

Add after you have a session implementation:

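var express = require('express');
var csrf = require('simple-csrf');
var app = express();
app.use(session_of_choice()); // placeholder for your session middleware; must be registered first
app.use(csrf());              // relies on the session set up above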

Validation is performed on every request whose method is not GET, HEAD or OPTIONS. The token is read from either the _csrf_token request body parameter or the X-CSRF-Token request header.

The CSRF token is available as csrfToken on both the request object and the renderer view locals.
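
A minimal sketch of the behaviour described above, as an added example that is not the package's source code. Only _csrf_token, X-CSRF-Token and csrfToken come from this README; the session key, the 403 status on failure, the body-before-header lookup order, the constant-time comparison and the run() harness are assumptions made for illustration.

```javascript
// Illustration only, not the simple-csrf source. Assumed (not from the README):
// session key, 403 on failure, lookup order, constant-time compare, run() helper.
var crypto = require('crypto');

var SAFE_METHODS = ['GET', 'HEAD', 'OPTIONS'];

function tokensMatch(expected, supplied) {
  if (typeof supplied !== 'string') return false; // rejects missing or array values
  var a = Buffer.from(expected);
  var b = Buffer.from(supplied);
  // timingSafeEqual throws on unequal lengths, so compare lengths first.
  return a.length === b.length && crypto.timingSafeEqual(a, b);
}

function csrfSketch() {
  return function (req, res, next) {
    if (!req.session) return next(new Error('session middleware must run first'));
    // One token per session: created on first use, then reused.
    if (!req.session.csrfToken) {
      req.session.csrfToken = crypto.randomBytes(32).toString('hex');
    }
    req.csrfToken = req.session.csrfToken;        // for handlers
    res.locals.csrfToken = req.session.csrfToken; // for templates

    if (SAFE_METHODS.indexOf(req.method) !== -1) return next();

    // Body parameter first, then header (Node lower-cases header names).
    var supplied = (req.body && req.body._csrf_token) || req.headers['x-csrf-token'];
    if (tokensMatch(req.session.csrfToken, supplied)) return next();

    var err = new Error('invalid CSRF token');
    err.status = 403;
    next(err);
  };
}

// Constructed request/response stand-ins so the sketch runs without Express.
function run(method, session, body, headers) {
  var req = { method: method, session: session, body: body || {}, headers: headers || {} };
  var res = { locals: {} };
  var outcome;
  csrfSketch()(req, res, function (err) { outcome = err ? err.status || 500 : 'next'; });
  return { outcome: outcome, req: req, res: res };
}
```

Note that the body parameter is only visible to a middleware like this if a body parser has already populated req.body, so with Express 4 the parser has to be registered before the CSRF check.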

License

MIT. See LICENSE.md.

Collaborators

  • veeti