content/security/csrf.md
5 additions & 5 deletions
@@ -1,6 +1,6 @@
1
1
### CSRF Protection
2
2
3
-
Cross-site request forgery (also known as CSRF or XSRF) is a type of malicious exploit of a website where **unauthorized** commands are transmitted from a user that the web application trusts. To mitigate this kind of attack you can use the [csrf-csrf](https://github.com/Psifi-Solutions/csrf-csrf) package.
3
+
Cross-site request forgery (CSRF or XSRF) is a type of attack where **unauthorized** commands are sent from a trusted user to a web application. To help prevent this, you can use the [csrf-csrf](https://github.com/Psifi-Solutions/csrf-csrf) package.
4
4
5
5
#### Use with Express (default)
6
6
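Review bot: The reworded definition on new line 3, "**unauthorized** commands are sent from a trusted user to a web application", drops the qualifier that it is the web application that trusts the user, and can now be read as the user sending the commands deliberately. The removed sentence kept that relationship explicit with "a user that the web application trusts". Suggest keeping the shorter sentence but restoring the trust direction, for example "**unauthorized** commands are sent to a web application on behalf of a user that the application trusts". The softer "To help prevent this" in place of "To mitigate this kind of attack" is fine.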
@@ -10,17 +10,17 @@ Start by installing the required package:
10
10
$ npm i csrf-csrf
11
11
```
12
12
13
-
> warning **Warning** As explained in the [`csrf-csrf` docs](https://github.com/Psifi-Solutions/csrf-csrf?tab=readme-ov-file#getting-started), this middleware requires either session middleware or `cookie-parser` to be initialized first. Please see that documentation for further instructions.
13
+
> warning **Warning** As noted in the [csrf-csrf documentation](https://github.com/Psifi-Solutions/csrf-csrf?tab=readme-ov-file#getting-started), this middleware requires session middleware or `cookie-parser` to be initialized beforehand. Please refer to the documentation for further details.
14
14
15
-
Once the installation is complete, apply the `csrf-csrf` middleware as global middleware.
15
+
Once the installation is complete, register the `csrf-csrf` middleware as global middleware.
16
16
17
17
```typescript
18
18
import { doubleCsrf } from'csrf-csrf';
19
19
// ...
20
20
// somewhere in your initialization file
21
21
const {
22
-
invalidCsrfTokenError, // This is just for convenience if you plan on making your own middleware.
23
-
generateToken, // Use this in your routes to provide a CSRF hash + token cookie and token.
22
+
invalidCsrfTokenError, // This is provided purely for convenience if you plan on creating your own middleware.
23
+
generateToken, // Use this in your routes to generate and provide a CSRF hash, along with a token cookie and token.
24
24
validateRequest, // Also a convenience if you plan on making your own middleware.
25
25
doubleCsrfProtection, // This is the default CSRF protection middleware.
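Review bot: The new `generateToken` comment changes the meaning of the one it replaces. The old text, "a CSRF hash + token cookie and token", names two things (a cookie holding the hash and token, plus the token itself), while "a CSRF hash, along with a token cookie and token" reads as three separate items. Suggest keeping the original grouping, for example "Use this in your routes to provide a CSRF hash + token cookie and the token." Two smaller consistency points in the same hunk: the unchanged `validateRequest` comment still says "making your own middleware" next to the reworded "creating your own middleware", and the warning's link text loses the backticks around `csrf-csrf` that the following sentence still uses. The initialization-order requirement in the warning (session middleware or `cookie-parser` first) is preserved, which is the part that matters for the protection to work.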