@csrf-armor/express v1.0.1
@csrf-armor/express
Express.js adapter for CSRF Armor - Advanced CSRF protection for Express.js applications.
Installation
# The three commands below are alternatives: run only the one for the package
# manager your project already uses, and commit the resulting lockfile so the
# resolved version of this security middleware stays pinned and reviewable.
npm install @csrf-armor/express
# or
yarn add @csrf-armor/express
# or
pnpm add @csrf-armor/express
Usage
import express from 'express';
import { csrfMiddleware } from '@csrf-armor/express';
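const app = express();

// Read the signing secret from the environment rather than committing a
// literal to source control. CSRF_SECRET is an example variable name; use
// whatever your deployment's secret store provides. Failing fast here keeps
// the app from starting with a missing (and therefore guessable) secret.
const csrfSecret = process.env.CSRF_SECRET;
if (!csrfSecret) {
  throw new Error('CSRF_SECRET is not set');
}

// Create the CSRF middleware
const csrfProtect = csrfMiddleware({
  // Optional configuration

  // Paths to exclude from CSRF protection. An excluded path accepts
  // cross-site requests, so it needs its own authentication (for a webhook,
  // typically verification of the sender's signature).
  // NOTE(review): the middleware is mounted under '/api' below; confirm in
  // the core documentation which request path this list is matched against.
  excludePaths: ['/webhook'],
  strategy: 'signed-double-submit', // CSRF protection strategy
  secret: csrfSecret, // Required for signed strategies
  cookie: {
    name: 'csrf-token',
    options: {
      // NOTE(review): with httpOnly set, page scripts cannot read this
      // cookie; confirm how the client obtains the token value it has to
      // send back with each state-changing request.
      httpOnly: true,
      secure: true, // cookie is only sent over HTTPS
      sameSite: 'strict',
    },
  },
});

// Apply the middleware to protected routes. Only requests under '/api' pass
// through csrfProtect; state-changing routes registered elsewhere are not
// covered by it.
app.use('/api', csrfProtect);

// Your routes here
app.post('/api/data', (req, res) => {
  res.json({ success: true });
});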
Configuration
The middleware accepts all configuration options from @csrf-armor/core. See the core documentation for detailed configuration options.
📄 License
MIT © Muneeb Samuels
📦 Related Packages
- @csrf-armor/core - Framework-agnostic CSRF protection
Questions? Open an issue or start a discussion!