Express CSRF token middleware with "Double submit cookie"
npm install express-csrf-double-submit-cookieExpress CSRF token middleware with "Naive Double-Submit Cookie Pattern"
Requires cookie-parser to be initialized first.
``sh`
$ npm install express-csrf-double-submit-cookie
`js
import cookieParser from 'cookie-parser';
import csrfDSC from 'express-csrf-double-submit-cookie';
import express from 'express';
// create middleware
const csrfProtection = csrfDSC();
const app = express();
app.use(cookieParser());
// middleware to set cookie token
app.use(csrfProtection)
// protect /api
app.post('/api', csrfProtection.validate, function (req, res) {
res.status(200).end();
})
`
`js
import csrfDSC from 'express-csrf-double-submit-cookie';
const csrfProtection = csrfDSC([options]);
`
* length - token length in bytes. Default to 18.value
* - function to get token from request. Default to`js`
function defaultValue (req) {
return (req.body && req.body._csrf_token) ||
(req.query && req.query._csrf_token) ||
(req.headers['x-csrf-token']);
}
* - Cookie options, see express res.cookie() documentation. Defaults to { name: '_csrf_token', path: '/', httpOnly: false }`