
Commit 89bb00f

Merge branch 'khalednadam-fix-csrf-csrf-docs'
2 parents 5fb0274 + e75dbaa commit 89bb00f

1 file changed, +12 / -8 lines changed

content/security/csrf.md

Lines changed: 12 additions & 8 deletions
@@ -1,26 +1,30 @@
11
### CSRF Protection
22

3-
Cross-site request forgery (also known as CSRF or XSRF) is a type of malicious exploit of a website where **unauthorized** commands are transmitted from a user that the web application trusts. To mitigate this kind of attack you can use the [csurf](https://github.com/expressjs/csurf) package.
3+
Cross-site request forgery (CSRF or XSRF) is a type of attack where **unauthorized** commands are sent from a trusted user to a web application. To help prevent this, you can use the [csrf-csrf](https://github.com/Psifi-Solutions/csrf-csrf) package.
44

55
#### Use with Express (default)
66

77
Start by installing the required package:
88

99
```bash
10-
$ npm i --save csurf
10+
$ npm i csrf-csrf
1111
```
1212

13-
> warning **Warning** This package is deprecated, refer to [`csurf` docs](https://github.com/expressjs/csurf#csurf) for more information.
13+
> warning **Warning** As noted in the [csrf-csrf documentation](https://github.com/Psifi-Solutions/csrf-csrf?tab=readme-ov-file#getting-started), this middleware requires session middleware or `cookie-parser` to be initialized beforehand. Please refer to the documentation for further details.
1414
15-
> warning **Warning** As explained in the [`csurf` docs](https://github.com/expressjs/csurf#csurf), this middleware requires either session middleware or `cookie-parser` to be initialized first. Please see that documentation for further instructions.
16-
17-
Once the installation is complete, apply the `csurf` middleware as global middleware.
15+
Once the installation is complete, register the `csrf-csrf` middleware as global middleware.
1816

1917
```typescript
20-
import * as csurf from 'csurf';
18+
import { doubleCsrf } from 'csrf-csrf';
2119
// ...
2220
// somewhere in your initialization file
23-
app.use(csurf());
21+
const {
22+
invalidCsrfTokenError, // This is provided purely for convenience if you plan on creating your own middleware.
23+
generateToken, // Use this in your routes to generate and provide a CSRF hash, along with a token cookie and token.
24+
validateRequest, // Also a convenience if you plan on making your own middleware.
25+
doubleCsrfProtection, // This is the default CSRF protection middleware.
26+
} = doubleCsrf(doubleCsrfOptions);
27+
app.use(doubleCsrfProtection);
2428
```
2529

2630
#### Use with Fastify
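Review bot: in the new TypeScript block, `} = doubleCsrf(doubleCsrfOptions);` references `doubleCsrfOptions`, which is never declared anywhere in the snippet, so the example does not compile or run as pasted. Either declare the options object above the call (csrf-csrf requires at least a `getSecret` callback that returns the secret used to derive the token hash) or add a comment stating that `doubleCsrfOptions` must be configured according to the csrf-csrf documentation linked in the warning above. A second gap: the snippet only shows `app.use(doubleCsrfProtection);`, while `generateToken`, `invalidCsrfTokenError` and `validateRequest` are destructured but never used, so a reader is not shown how the token actually reaches the client; a one-line route example calling `generateToken` (or a sentence pointing to where it is covered) would complete the migration from `csurf`, whose old `app.use(csurf())` needed no such step.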
