Adds middleware for Cross-Site Request Forgery (CSRF) #35

Closed
eduardolundgren opened this issue Feb 23, 2017 · 1 comment
@eduardolundgren
Contributor

No description provided.

@eduardolundgren
Contributor Author

It's a tricky decision to support this by default, since it's only recommended to have CSRF protection for requests that always come from inside the same app; if the API is public or can be consumed by a third party, it's not possible to enable it.

See https://www.npmjs.com/package/csurf
See https://blog.risingstack.com/node-js-security-checklist

Therefore, you can plug it yourself on your magnet route:

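import cookieParser from 'cookie-parser';
import csrf from 'csurf';

// With { cookie: true } csurf keeps its secret in a cookie and reads it from
// req.cookies, so cookie-parser has to run before it.
const csrfProtection = csrf({ cookie: true });

export default (app) => {
   // Only this internal route is protected.
   app.post('/internal', cookieParser(), csrfProtection, (req, res) => { /* ... */ });
};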
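Why the check only fits requests coming from the app's own pages, as an added example (not code from this issue or from csurf): a simplified Node.js model of a cookie-backed token check. The helper names, the HMAC-SHA256 token construction and the sample requests are assumptions made for illustration; only the `_csrf` cookie name and the `csrf-token` header follow csurf's defaults.

```javascript
// Added illustration: simplified model of a cookie-backed CSRF token check.
// Helper names and the request shape are hypothetical, not csurf's API.
const crypto = require('node:crypto');

// Per-browser secret that the server stores in a cookie (csurf's default name: _csrf).
function newSecret() {
  return crypto.randomBytes(18).toString('base64url');
}

// Token embedded in pages the app itself serves: salt + HMAC(secret, salt).
function createToken(secret) {
  const salt = crypto.randomBytes(8).toString('base64url');
  const mac = crypto.createHmac('sha256', secret).update(salt).digest('base64url');
  return `${salt}.${mac}`;
}

// Recompute the MAC from the cookie secret and compare in constant time.
function verifyToken(secret, token) {
  if (typeof secret !== 'string' || typeof token !== 'string') return false;
  const parts = token.split('.');
  if (parts.length !== 2 || !parts[0] || !parts[1]) return false;
  const expected = crypto.createHmac('sha256', secret).update(parts[0]).digest('base64url');
  const a = Buffer.from(parts[1]);
  const b = Buffer.from(expected);
  return a.length === b.length && crypto.timingSafeEqual(a, b);
}

// Decision a CSRF middleware makes for a state-changing request.
function checkRequest(req) {
  const secret = req.cookies && req.cookies._csrf;
  const token = req.headers && req.headers['csrf-token'];
  return verifyToken(secret, token) ? 200 : 403;
}

// Constructed sample requests.
const secret = newSecret();
// Form rendered by the app: browser sends the cookie and the page supplies the token.
const sameApp = { cookies: { _csrf: secret }, headers: { 'csrf-token': createToken(secret) } };
// Request triggered from another site: the cookie rides along, but no token is present.
const crossSite = { cookies: { _csrf: secret }, headers: {} };
// Third-party API consumer: never loaded a page, so it has neither cookie nor token.
const apiClient = { cookies: {}, headers: { authorization: 'Bearer <placeholder>' } };

console.log(checkRequest(sameApp), checkRequest(crossSite), checkRequest(apiClient));
```

The third request is the public-API case from the comment above: a legitimate consumer is rejected exactly like the forged request, which is why the middleware is attached per route rather than globally.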

This issue was closed.