@chmking/h3-csrf
v1.0.3
Published
CSRF token middleware for H3
Downloads
130
Readme
H3 CSRF
Node.js CSRF protection middleware for H3.
Installation
This is a Node.js module available through the
npm registry. Installation is done using the
npm install
command:
$ npm install @chmking/h3-csrf
Usage
The CSRF protection middleware is added to H3 as a priority to inject csrfToken()
in the event
:
import { createServer } from 'http'
import { createApp, eventHandler, toNodeListener } from 'h3'
import { csrf } from '@chmking/h3-csrf'
const app = createApp()
app.use(eventHandler(csrf({ cookie: { ... } })))
const server = createServer(toNodeListener(app))
In following layers, the token can be retrieved from the event
:
handler(event: H3Event) => {
const token = event.node.req.csrfToken()
}
csrf([options])
Creates a middleware for token creation an validation. The middleare injects event.req.csrfToken()
function to make a token which should be added to requests which mutate the state. This token it validated against the visitor's csrf cookie.
Options
The csrf
function takes an optional Options
object that may contain the following keys:
verifiedMehtods?: Array<HTTPMethod>
A list of HTTP methods that will be verified by the CSRF middleware. Only the server endpoints corresponding to these methods will be verified.
Defaults:
['PATCH', 'POST', 'PUT', 'DELETE']
cookie?: CookieOptions
Cookie options define how the CSRF cookie gets serialized. This extends CookieSerializeOptions
from cookie-es
to include name
for cookie customization.
Defaults:
{
name: '_csrf',
path: '/'
}
License
Distributed under the MIT License. See LICENSE for more information.