Basic CSRF prevention with double cookies
npm install doublecookie

This was designed to be drop-in middleware. Call app.use(doublecookie()) to accept all the defaults, then pass locals.postCheck into your template as a hidden form field.
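
A minimal version of the double-cookie check named in the title, as an added example that is not the doublecookie package's own code. The cookie name csrf_token and the use of postCheck as the form field name are assumptions, and req/res follow the Node/Express shape.

```javascript
// Added example: double-submit cookie check (not the doublecookie package's code).
const crypto = require('node:crypto');

const COOKIE = 'csrf_token'; // assumed cookie name
const FIELD = 'postCheck';   // assumed hidden form field name
const SAFE = new Set(['GET', 'HEAD', 'OPTIONS']); // methods that skip the check

// Read one cookie value from a raw Cookie header; null if absent.
function readCookie(header, name) {
  for (const part of (header || '').split(';')) {
    const i = part.indexOf('=');
    if (i > 0 && part.slice(0, i).trim() === name) return part.slice(i + 1).trim();
  }
  return null;
}

// Constant-time comparison; non-strings, empty values and length mismatches fail.
function tokensMatch(a, b) {
  if (typeof a !== 'string' || typeof b !== 'string' || a.length === 0) return false;
  const x = Buffer.from(a);
  const y = Buffer.from(b);
  return x.length === y.length && crypto.timingSafeEqual(x, y);
}

// Express-style middleware: state-changing requests must echo the cookie
// value in the form body, which a cross-site page cannot read.
function doubleSubmit(req, res, next) {
  let token = readCookie(req.headers.cookie, COOKIE);
  if (!SAFE.has(req.method)) {
    const sent = req.body && req.body[FIELD];
    if (!tokensMatch(token, sent)) {
      res.statusCode = 403;
      return res.end('CSRF token mismatch');
    }
  }
  if (!token) { // first visit: issue a fresh random token
    token = crypto.randomBytes(32).toString('hex');
    res.setHeader('Set-Cookie',
      `${COOKIE}=${token}; Path=/; Secure; HttpOnly; SameSite=Lax`);
  }
  res.locals = res.locals || {};
  res.locals.postCheck = token; // render this into the hidden form field
  next();
}
```

A plain random token like this does not hold up if another origin can set cookies for the site, such as a sibling subdomain; the OWASP CSRF Prevention Cheat Sheet describes a signed variant bound to the session.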
See csurf first
OWASP CSRF Prevention Cheat Sheet
Liran Tal video - Node JS: Security Breaking the Loop