0.1.0 • Published 10 years ago

seasurf v0.1.0

Weekly downloads
3
License
MIT
Repository
github
Last release
10 years ago

seasurf

CSRF session middleware.

Installation

$ npm install seasurf

Usage

var seasurf = require('seasurf');

// All paths past this point have access to the csrfToken method
app.use(seasurf({
  // see Options
});

Options

paths: Array of leading pathnames to enforce CSRF tokens on (with an enforced method). Defaults to all paths.

methods: Array of HTTP method names to enforce CSRF tokens on (with an enforced path). Defaults to all methods.

session: Name of the key pointing to session data. Defaults to 'session'.

token(req, res): Function returning the CSRF token from a request. Defaults to the value of the X-CSRF-Token header.

unverified(req, res): Function called when a CSRF token cannot be verified. Defaults to an empty response with status 403.

License

Released under the terms of the MIT license. See LICENSE.

0.1.0

10 years ago

0.0.1

10 years ago