Skip to content

fourcube/micro-csrf

Repository files navigation

micro-csrf

Build Status

micro-csrf is a csrf middleware for Zeit.co's micro framework. This module is heavily inspired by express-csurf.

Installation

$ npm install micro-csrf
# or
$ yarn add micro-csrf

Example Usage

// Use the micro-session middleware for storing the token secret
const SessionManager, { MemoryStore } = require('micro-session');
const { csrfMiddleware } = require('micro-csrf');

const sessionManager = SessionManager({
  store: new MemoryStore(),
  secret: 'my session secret'
})
const csrf = csrfMiddleware();

module.exports = async (req, res) => {
  let session = await getSession(req, res);

  // This will automatically end the request with a 403 error
  // if this is a POST, PUT, PATCH, DELETE request without a valid
  // CSRF Token.
  const csrfToken = await csrf(session, req, res);

  // ...

  return {
    csrfToken
  };
};

Token Validation

The token is automatically read from the following locations:

    req.body._csrf - requires a parsed request body
    req.query._csrf - requires a query parser
    req.headers['csrf-token'] - the CSRF-Token HTTP request header.
    req.headers['xsrf-token'] - the XSRF-Token HTTP request header.
    req.headers['x-csrf-token'] - the X-CSRF-Token HTTP request header.
    req.headers['x-xsrf-token'] - the X-XSRF-Token HTTP request header.

License

MIT

About

Anti-CSRF middleware for micro

Resources

License

Stars

Watchers

Forks

Packages

No packages published

Contributors 3

  •  
  •  
  •