Nuxt CSRF

CSRF support for Nuxt

Installation

This is a Node.js module available through the
npm registry. Installation is done using the
npm install command:

``sh $ npm install @chmking/nuxt-csrf h3`

Add to modules in nuxt.config.ts:

`js // nuxt.config.ts export default defineNuxtConfig({ modules: [ '@chmking/nuxt-csrf' ] })`

`$3`

This package has a peer dependecy on H3 ~v0.7.21 which fixes an issue when an H3 event body is read twice.

`Usage`

`$3`

This module makes the token available through a composable:

`js`

`$3`

`js

`$3`

`js

`Options`

Currently Nuxt CSRF only supports cookies for CSRF secret storage.

`$3`

Nuxt CSRF can be configured with the cookie options from @chmking/h3-csrf.

Default:`js { cookie: { domain: '', httpOnly: true, name: '_csrf', path: '/', sameSite: 'lax', secure: false, }, }`

`Environment Override`

In support of 12 factor app principles, environment overrides are available for cookie config.

This will override the modules config in nuxt.config.ts.

- NUXT_CSRF_COOKIE_DOMAIN - NUXT_CSRF_COOKIE_HTTP_ONLY - NUXT_CSRF_COOKIE_MAX_AGE - NUXT_CSRF_COOKIE_NAME - NUXT_CSRF_COOKIE_PATH - NUXT_CSRF_COOKIE_SAME_SITE - NUXT_CSRF_COOKIE_SECURE

In a production environment with the server running on HTTPS a more secure config is:

`bash NUXT_CSRF_COOKIE_SAME_SITE="strict" NUXT_CSRF_COOKIE_SECURE="true"`

`Development`

You can develop locally with the playground: - Runnpm run dev:prepareto generate type stubs. - Usenpm run dev` to start playground in development mode.

License

Distributed under the MIT License. See LICENSE for more information.

Nuxt CSRF

CSRF support for Nuxt

Installation

This is a Node.js module available through the
npm registry. Installation is done using the
npm install command:

``sh $ npm install @chmking/nuxt-csrf h3`

Add to modules in nuxt.config.ts:

`js // nuxt.config.ts export default defineNuxtConfig({ modules: [ '@chmking/nuxt-csrf' ] })`

`$3`

This package has a peer dependecy on H3 ~v0.7.21 which fixes an issue when an H3 event body is read twice.

`Usage`

`$3`

This module makes the token available through a composable:

`js`

`$3`

`js

`$3`

`js

`Options`

Currently Nuxt CSRF only supports cookies for CSRF secret storage.

`$3`

Nuxt CSRF can be configured with the cookie options from @chmking/h3-csrf.

Default:`js { cookie: { domain: '', httpOnly: true, name: '_csrf', path: '/', sameSite: 'lax', secure: false, }, }`

`Environment Override`

In support of 12 factor app principles, environment overrides are available for cookie config.

This will override the modules config in nuxt.config.ts.

- NUXT_CSRF_COOKIE_DOMAIN - NUXT_CSRF_COOKIE_HTTP_ONLY - NUXT_CSRF_COOKIE_MAX_AGE - NUXT_CSRF_COOKIE_NAME - NUXT_CSRF_COOKIE_PATH - NUXT_CSRF_COOKIE_SAME_SITE - NUXT_CSRF_COOKIE_SECURE

In a production environment with the server running on HTTPS a more secure config is:

`bash NUXT_CSRF_COOKIE_SAME_SITE="strict" NUXT_CSRF_COOKIE_SECURE="true"`

`Development`

You can develop locally with the playground: - Runnpm run dev:prepareto generate type stubs. - Usenpm run dev` to start playground in development mode.

License

Distributed under the MIT License. See LICENSE for more information.