1.0.0 • Published 9 years ago
alt-xsrf v1.0.0
Anti-XSRF middleware
This XSRF prevention middleware:
- stores XSRF secret in Redis-backed session
- exposes a token on the res.locals variable xsrfToken
- exposes a token via cookie
- validates incoming token if not ignored
Note: this middleware requires alt-session to be installed beforehand.
You can provide a custom ignore function via options:

    options.ignore = function(req, res) {
      return true; // Ignore all requests
    };
You can provide a custom token source getter (by default it takes the X-XSRF-TOKEN header value to ensure compatibility with Angular):

    options.getToken = function(req, res) {
      return req.get('X-XSRF-TOKEN');
    };
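
A narrower ignore function and a getToken with a form-field fallback, as an added example that is not part of the alt-xsrf project. Only options.ignore and options.getToken come from this page; the _xsrf form field name, the 256-character limit and the fakeReq helper are assumptions made for the illustration.

```javascript
// Added example: only options.ignore and options.getToken are taken from
// the page. The _xsrf field name and the 256-character cap are assumptions.

// Read-only methods exempted from token validation.
const SAFE_METHODS = new Set(['GET', 'HEAD', 'OPTIONS']);

const options = {
  // Return true to skip validation. Decide on the real request method
  // only, never on a header or parameter the caller can set (such as a
  // method-override header), or the check can be switched off remotely.
  ignore: function (req, res) {
    return SAFE_METHODS.has(String(req.method).toUpperCase());
  },

  // Header first (the Angular convention), then a hidden form field for
  // plain HTML forms. The query string is deliberately not consulted:
  // URLs end up in logs, browser history and Referer headers.
  getToken: function (req, res) {
    const candidates = [req.get('X-XSRF-TOKEN'), req.body && req.body._xsrf];
    for (const value of candidates) {
      // Accept one non-empty string only; arrays or objects produced by
      // body parsers are rejected rather than coerced to a string.
      if (typeof value === 'string' && value.length > 0 && value.length <= 256) {
        return value;
      }
    }
    return undefined; // no usable token found
  }
};

// Constructed stand-in for an Express request (hypothetical helper).
function fakeReq(method, headers, body) {
  const lower = {};
  for (const k of Object.keys(headers || {})) lower[k.toLowerCase()] = headers[k];
  return { method: method, body: body, get: (name) => lower[name.toLowerCase()] };
}

// Constructed sample request: a POST carrying the token in the header.
const probe = fakeReq('POST', { 'X-XSRF-TOKEN': 'constructed-token' }, {});
console.log(options.ignore(probe), options.getToken(probe));
```
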