micro-csrf is a CSRF middleware for Zeit.co's micro framework. This module is heavily inspired by express-csurf.
Installation
$ npm install micro-csrf
# or
$ yarn add micro-csrf
Example Usage
// Use the micro-session middleware for storing the token secret
const SessionManager = require('micro-session');
const { MemoryStore } = SessionManager;
const { csrfMiddleware } = require('micro-csrf');

// SessionManager() returns the function that loads the session for a request
const getSession = SessionManager({
  store: new MemoryStore(),
  secret: 'my session secret'
});
const csrf = csrfMiddleware();

module.exports = async (req, res) => {
  let session = await getSession(req, res);

  // This will automatically end the request with a 403 error
  // if this is a POST, PUT, PATCH, DELETE request without a valid
  // CSRF Token.
  const csrfToken = await csrf(session, req, res);

  // ...

  return {
    csrfToken
  };
};
Token Validation
The token is automatically read from the following locations:
req.body._csrf - requires a parsed request body
req.query._csrf - requires a query parser
req.headers['csrf-token'] - the CSRF-Token HTTP request header.
req.headers['xsrf-token'] - the XSRF-Token HTTP request header.
req.headers['x-csrf-token'] - the X-CSRF-Token HTTP request header.
req.headers['x-xsrf-token'] - the X-XSRF-Token HTTP request header.
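The token lookup and the 403 decision described above, sketched as an added example; this is not micro-csrf's own code. The function names, the `session.csrfSecret` field, the salt-plus-HMAC token format and trying the locations in the listed order are all assumptions made for illustration.

```javascript
// Added illustration, not micro-csrf's source. Function names and the
// "salt.tag" HMAC token format are assumptions made for this example.
const { createHmac, randomBytes, timingSafeEqual } = require('crypto');

const UNSAFE_METHODS = new Set(['POST', 'PUT', 'PATCH', 'DELETE']);
const HEADER_NAMES = ['csrf-token', 'xsrf-token', 'x-csrf-token', 'x-xsrf-token'];

// Return the first token found, trying locations in the order the README lists.
function readToken(req) {
  if (req.body && req.body._csrf) return req.body._csrf;
  if (req.query && req.query._csrf) return req.query._csrf;
  const headers = req.headers || {};
  for (const name of HEADER_NAMES) {
    if (headers[name]) return headers[name];
  }
  return undefined;
}

function tagFor(secret, salt) {
  return createHmac('sha256', secret).update(salt).digest('hex');
}

// Token = random salt + HMAC of that salt under the per-session secret.
function createToken(secret) {
  const salt = randomBytes(8).toString('hex');
  return `${salt}.${tagFor(secret, salt)}`;
}

function verifyToken(secret, token) {
  // Parsed bodies can carry objects or arrays; accept strings only.
  if (typeof token !== 'string') return false;
  const parts = token.split('.');
  if (parts.length !== 2 || !parts[0]) return false;
  const expected = Buffer.from(tagFor(secret, parts[0]));
  const given = Buffer.from(parts[1]);
  // timingSafeEqual throws on unequal lengths, so compare lengths first.
  return given.length === expected.length && timingSafeEqual(given, expected);
}

// 403 only for a state-changing method whose token is missing or invalid.
function csrfStatus(session, req) {
  if (!UNSAFE_METHODS.has(req.method)) return 200;
  return verifyToken(session.csrfSecret, readToken(req)) ? 200 : 403;
}

// Constructed sample: one session, a POST without a token and one with it.
const demoSession = { csrfSecret: 'constructed-secret' };
const demoToken = createToken(demoSession.csrfSecret);
console.log(csrfStatus(demoSession, { method: 'POST', headers: {} }),
  csrfStatus(demoSession, { method: 'POST', headers: { 'csrf-token': demoToken } }));
```

A token sent in a header or request body stays out of URLs, whereas a `_csrf` query parameter ends up in access logs and browser history.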