csrf
csrf: (
options?) =>any
Defined in: http/csrf.js:53
Creates a CSRF token issuance and verification middleware.
Parameters
Section titled “Parameters”options?
Section titled “options?”CSRF configuration
cookieOptions?
Section titled “cookieOptions?”any = {}
Cookie directives passed to the cookie factory
cookieTokenName?
Section titled “cookieTokenName?”string = 'CSRF-TOKEN'
Cookie name for the CSRF token
cookieUuidName?
Section titled “cookieUuidName?”string = 'CSRF-UUID'
Cookie name for the CSRF UUID
encoding?
Section titled “encoding?”string
Token encoding (default: base64)
headerTokenName?
Section titled “headerTokenName?”string = 'X-CSRF-TOKEN'
Request header name for the CSRF token
secret
Section titled “secret”string
HMAC secret for token signing
Returns
Section titled “Returns”any
- Object with
issue(req, res, ...rest)andverify(req, res, ...rest)methods;verifyreturns{response: {statusCode: 403}}when CSRF token verification fails