upgrade to csrf-lite 0.0.2

commit f54b47411632aaf0371fe3ed5b6784d7bc69d902 1 parent d3dbeb7
@isaacs isaacs authored
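--- a/node_modules/csrf-lite/csrf.js
+++ b/node_modules/csrf-lite/csrf.js
@@ -22,7 +22,7 @@ csrf.html = function (token) {
 return '<input type=hidden name=x-csrf-token value="' + token + '">'
 }
-csrf.validate = function (data, token) {
+csrf.valid = csrf.validate = function (data, token) {
 if (!token || typeof token !== 'string')
 return false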
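Review bot: `csrf.html`, in the context lines at the top of this hunk, concatenates `token` into the `value="..."` attribute without HTML-escaping it, and the README carried in package.json reads that token from the client-supplied `sessid` cookie. A cookie value containing a double quote would end the attribute early, so the markup is presumably safe only while every token was generated by `csrf()`; I would escape at output, e.g. `value="' + String(token).replace(/&/g, '&amp;').replace(/"/g, '&quot;') + '">'`, and because this copy lives under node_modules the change belongs upstream in csrf-lite. The new `csrf.valid` alias is not mentioned in that README, which documents only `csrf.validate`. The function body continues past the end of the hunk, so how the submitted field is compared with the token (ideally in constant time) cannot be checked from here.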
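--- a/node_modules/csrf-lite/package.json
+++ b/node_modules/csrf-lite/package.json
@@ -1,6 +1,6 @@
 {
 "name": "csrf-lite",
- "version": "0.0.1",
+ "version": "0.0.2",
 "description": "csrf protection for framework-less node sites",
 "main": "csrf.js",
 "scripts": {
@@ -30,6 +30,6 @@
 },
 "readme": "# csrf-lite\n\nCSRF protection utility for framework-free node sites.\n\n## Usage\n\n```javascript\nvar csrf = require('csrf-lite');\nvar Cookies = require('cookies');\nvar qs = require('querystring');\n\nhttp.createServer(function (req, res) {\n var c = new Cookies(req, res);\n\n // use the session id as the token\n var token = c.get('sessid');\n\n // if the user doesn't have one, then give them one.\n // it's just a random string anyway.\n if (!token) {\n token = csrf(token);\n c.set('sessid', token);\n }\n\n switch (req.method) {\n case 'GET': return showForm(req, res, token);\n case 'POST': return validForm(req, res, token);\n }\n}).listen(PORT)\n\nfunction showForm(req, res, token) {\n res.end('<html><form method=post>' +\n '<label>Name <input name=name></label>' +\n // add the csrf token html\n csrf.html(token) +\n '<input type=submit value=GO>' +\n '</form></html>');\n}\n\nfunction validForm(req, res, token) {\n // note: this won't work for \n req.setEncoding('utf8');\n var data = '';\n req.on('data', function(c) {\n data += c;\n });\n req.on('end', function() {\n data = querystring.parse(data);\n\n // validate with the user's token\n var valid = csrf.validate(data, token);\n if (valid)\n res.end('ok\\n');\n else {\n res.statusCode = 403;\n res.end('csrf detected!\\n');\n }\n });\n}\n```\n\n## csrf(token)\n\nIf a token is supplied, then returns it. If not, then it generates a\n192-bit random string and returns that.\n\nMake sure that you stash the token somewhere like a session or\nsomething, so that it can be retrieved later.\n\n## csrf.html(token)\n\nReturns an `<input>` field containing the token, for csrf validation\nin forms.\n\nIf no token is provided, then it returns nothing.\n\n## csrf.validate(data, token)\n\nValidates that the `x-csrf-token` field is equal to the token. Call this\nwith the parsed form data on the other side. Can also be used on\nrequest headers, query string, or any other random data.\n",
 "readmeFilename": "README.md",
- "_id": "csrf-lite@0.0.1",
- "_from": "csrf-lite@"
+ "_id": "csrf-lite@0.0.2",
+ "_from": "csrf-lite@latest"
 }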