1.0.11 • Published 6 years ago
csrf-monkey v1.0.11
csrf-monkey
Automatically add CSRF headers to all clientside requests
- handles both xhr and fetch
- small footprint, no dependencies
- configurable, testable and restorable
Installation
npm install --save csrf-monkeyUsage
Default behaviour
Put your csrf token in a meta tag in your head like so:
<html>
<head>
<meta name='csrf-token' content='value'>
</head>
<body></body>
</html>Then call csrf-monkey. This will patch xhr and window.fetch so that your csrf token is automatically included in all clientside requests
var axios = require('axios')
require('csrf-monkey')()
fetch('/api') // request will include csrf header ('x-csrf-token': value)
axios.get('/api') // request will include csrf header ('x-csrf-token': value)Options
var csrfMonkey = require('csrf-monkey')
csrfMonkey(header, token)
// you can also pass a custom header to csrf-monkey:
csrfMonkey('my-custom-csrf-header')
// and you can pass your csrf token value directly to csrf-monkey if you don't want to include it as a meta tag:
csrfMonkey(null, 'my-csrf-token')Restore
var restore = csrfMonkey()
restore() // Restores everything back to how it wasCredits
- Inspired by
csrf-xhr