Skip to content

HTTPS clone URL

Subversion checkout URL

You can clone with HTTPS or Subversion.

Download ZIP
Browse files

docs and code

  • Loading branch information...
commit 3ae7e0c07dc98b74221bcd6c97204c6076438883 0 parents
@darobin authored
2  .gitignore
@@ -0,0 +1,2 @@
+node_modules
+npm-debug.log
50 README.md
@@ -0,0 +1,50 @@
+
+## Overview
+
+This is a very simple plugin for Express that does very little beyond make CSRF a touch
+easier to use. It does two things: enable CSRF protection using the built-in CSRF middleware,
+and exposes a "csrf" dynamic variable which can be rendered directly inside views for reuse
+by forms and JS.
+
+Not much really, but I found myself pasting this code over and over again, hence the module.
+
+## Usage
+
+ // somewhere after session and body parsing have been set up, but before any of your
+ // handlers kick in
+ require("express-csrf").plugCSRF(app);
+
+
+## Installation
+
+ $ npm install express-csrf
+
+## Interface
+
+This module exports a single method: plugCSRF(). It takes your app object and sets it
+up as described on the tin.
+
+## License
+
+(The MIT License)
+
+Copyright (c) 2012 Robin Berjon <robin@berjon.com>
+
+Permission is hereby granted, free of charge, to any person obtaining
+a copy of this software and associated documentation files (the
+'Software'), to deal in the Software without restriction, including
+without limitation the rights to use, copy, modify, merge, publish,
+distribute, sublicense, and/or sell copies of the Software, and to
+permit persons to whom the Software is furnished to do so, subject to
+the following conditions:
+
+The above copyright notice and this permission notice shall be
+included in all copies or substantial portions of the Software.
+
+THE SOFTWARE IS PROVIDED 'AS IS', WITHOUT WARRANTY OF ANY KIND,
+EXPRESS OR IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF
+MERCHANTABILITY, FITNESS FOR A PARTICULAR PURPOSE AND NONINFRINGEMENT.
+IN NO EVENT SHALL THE AUTHORS OR COPYRIGHT HOLDERS BE LIABLE FOR ANY
+CLAIM, DAMAGES OR OTHER LIABILITY, WHETHER IN AN ACTION OF CONTRACT,
+TORT OR OTHERWISE, ARISING FROM, OUT OF OR IN CONNECTION WITH THE
+SOFTWARE OR THE USE OR OTHER DEALINGS IN THE SOFTWARE.
1  index.js
@@ -0,0 +1 @@
+module.exports = require("./lib/express-csrf");
10 lib/express-csrf.js
@@ -0,0 +1,10 @@
+var express = require('express');
+
+exports.plugCSRF = function (app) {
+ app.use(express.csrf());
+ app.dynamicHelpers({
+ csrf: function (req, res) {
+ return req.session ? req.session._csrf : "";
+ }
+ });
+};
12 package.json
@@ -0,0 +1,12 @@
+{
+ "name": "express-csrf"
+, "description": "Small helper plugin for the CSRF middleware in Express"
+, "version": "0.0.1"
+, "author": "Robin Berjon <robin@berjon.com>"
+, "dependencies": {
+ }
+, "devDependencies": {
+ }
+, "repository": "git://github.com/darobin/express-csrf"
+, "main": "index"
+}
Please sign in to comment.
Something went wrong with that request. Please try again.