csurf
csurf copied to clipboard
CSRF token middleware
This mirrors support in [express-session](https://expressjs.com/en/resources/middleware/session.html#cookiesecure) where we look at the value of req.headers['x-forwarded-proto'] to automatically determine if we should set Secure. This provides the developer with a safe way of...
Fixes #10 Default exported function now returns a middleware function with two extra members `generate` and `verify`. Properties `generate` and `verify` are both middleware functions, which can be used to...
I think and think over again in [PR-228](https://github.com/expressjs/csurf/pull/228) and [PR-229](https://github.com/expressjs/csurf/pull/229). There are maybe few users repeatedly called `csurf({cookie: true})` with same middleware. So, I think I just warn this situation...
Previous functionality allowed the same token to be used for the life of the session. This option will regenerate the secret everytime req.crsfToken() is called, invalidating the previous secret. Related...
Added in functionality that allows for the read in of the "max age" option for a cookie (if being created with cookies not sessions). If the cookie is expired, then...
I have 2 different nodejs backends which both use csurf to issue csrf tokens. But only one is working properly. The codes are very identical, both `api/auth` and `api/reviews` are...
i send post request create user with a token csrf . i want when create user success the token csrf cannot reuse ( i want csrf invalid when reuse) in...