jquery-csrf-token
v2.2.1
Published
Add a X-CSRF-TOKEN and X-CSRFToken header to each AJAX request.
Downloads
237
Readme
jquery-csrf-token
This package adds a csrf header to AJAX requests done via jQuery.
In the following situations no header is set:
- Cross Domain requests.
- Requests with type
GET
,HEAD
,OPTIONS
, orTRACE
.
Laravel uses the X-CSRF-TOKEN
header to check for a CSRF token. Django uses X-CSRFToken
. This package defaults to X-CSRF-TOKEN
for the header key, but you can change this using the config settings.
It's only dependency is on jQuery.
Installation:
$ npm install jquery-csrf-token --save
Usage
var csrfToken = require('jquery-csrf-token');
csrfToken.enable('my-beautiful-csrf-token', config);
csrfToken.setToken('updated-csrf-token');
Config
| Name | Default | Description |
| ---- | ------- | ----------- |
| key | X-CSRF-TOKEN | The key under which the csrf token should be send. Use X-CSRFTOKEN
for Django. |
| retry | false | Allow to get a new token if the current one is expired |
Retry
To be able to get a new token if the current one expired you need to pass a retry object for the config with two keys:
url
: URL to request the new tokenparseResponse
: A function that takes the token request response as a parameter and return the new tokenisCSRFFailure
(optional): A function that takes the failed request response as a parameter and return true if it's a CSRF failure. By default it just retry on every 403.
Example:
csrfToken.enable(data.csrf_token, {
key: 'X-CSRFTOKEN',
retry: {
url: 'api/bootstrap/',
parseResponse: resp => resp.csrf_token,
isCSRFFailure: resp => resp.statusCode === 403 && resp.responseJSON.message === 'CSRFFailure',
},
});
Changelog
2.2.1
- make sure custom functions are also inherited.
2.0.0
- add option to retry if token is invalid
- use rollup build system
1.0.0
- Changed api to support changing the csrf token.