Sets a cookie containing the CSRF token. Useful for single-page apps.

connect-csrf-cookie

By default, this middleware sets a "csrftoken" cookie containing the CSRF token generated by the csrf middleware. This is especially helpful for single-page apps, which make lots of AJAX calls.

This middleware requires session support and the csrf middleware, so it should be added somewhere below session(), cookieParser() and csrf().

See this answer on StackOverflow for the security implications.

Install

npm install connect-csrf-cookie

Usage

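var connect = require('connect');
var app = connect();

app.use(connect.cookieParser());
app.use(connect.session({ secret: 'keyboard cat' })); // placeholder secret, replace with your own
app.use(connect.csrf());
// must come after cookieParser(), session() and csrf()
app.use(require('connect-csrf-cookie')());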

The middleware takes an optional parameter, cookie_key, which determines the name of the cookie.
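
On the client side, a single-page app has to read the "csrftoken" cookie and send the token back with each AJAX call. The following is an added example, not code from this project: the helper names are hypothetical, and it assumes the cookie is readable from script, that the default cookie name is in use, and that the csrf middleware accepts the token in the X-CSRF-Token request header.

```javascript
'use strict';

// Added example, not part of connect-csrf-cookie. Helper names are hypothetical.
var COOKIE_KEY = 'csrftoken';                  // the middleware's default cookie name
var SAFE_METHODS = ['GET', 'HEAD', 'OPTIONS']; // requests that should not change state

// Extract one cookie value from a document.cookie-style string.
// The name must match exactly, so "xcsrftoken" is not mistaken for "csrftoken".
function readCookie(cookieString, name) {
  var parts = String(cookieString || '').split(';');
  for (var i = 0; i < parts.length; i++) {
    var pair = parts[i].trim();
    var eq = pair.indexOf('=');
    if (eq > 0 && pair.slice(0, eq) === name) {
      try {
        return decodeURIComponent(pair.slice(eq + 1));
      } catch (e) {
        return null; // malformed percent-encoding: treat as missing
      }
    }
  }
  return null;
}

// Headers to add to an AJAX request. The token is attached only to
// state-changing requests aimed at the page's own origin, so it is never
// sent to a third-party host.
function csrfHeaders(method, url, pageOrigin, cookieString) {
  if (SAFE_METHODS.indexOf(String(method).toUpperCase()) !== -1) return {};
  var target;
  try {
    target = new URL(url, pageOrigin); // resolves relative URLs against the page
  } catch (e) {
    return {};
  }
  if (target.origin !== pageOrigin) return {};
  var token = readCookie(cookieString, COOKIE_KEY);
  return token ? { 'X-CSRF-Token': token } : {};
}

// Constructed sample, in the form document.cookie returns.
var SAMPLE_COOKIES = 'theme=dark; csrftoken=abc%2F123; lang=en';

// In a browser:
// fetch('/api/items', { method: 'POST', credentials: 'same-origin',
//   headers: csrfHeaders('POST', '/api/items', location.origin, document.cookie) });
```

If a custom cookie_key is passed to the middleware, COOKIE_KEY must be changed to the same value.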