
csrf

commit 92da48c79bb2405509d4f84f255924eab5c44456 1 parent d07665e
TJ Holowaychuk authored

Showing 1 changed file with 22 additions and 0 deletions.

  1. +22 0 en/api/mw-csrf.jade
22 en/api/mw-csrf.jade
... ... @@ -0,0 +1,22 @@
  1 +
  2 +section
  3 + h3(id='csrf') csrf()
  4 +
  5 + p.
  6 + CRSF protection middleware.
  7 +
  8 + p.
  9 + By default this middleware generates a token named "_csrf"
  10 + which should be added to requests which mutate
  11 + state, within a hidden form field, query-string etc. This
  12 + token is validated against the visitor's <code>req.session._csrf</code>
  13 + property.
  14 +
  15 + p.
  16 + The default <code>value</code> function checks <code>req.body</code> generated
  17 + by the <code>bodyParser()</code> middleware, <code>req.query</code> generated
  18 + by <code>query()</code>, and the "X-CSRF-Token" header field.
  19 +
  20 + p.
  21 + This middleware requires session support, thus should be added
  22 + somewhere below <code>session()</code>.
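Review bot: the second paragraph (new lines 9-13) offers the query-string as a place to carry the token on state-mutating requests, on equal footing with a hidden form field. A token placed in the URL can end up in server access logs, browser history and Referer headers, so the text should recommend the hidden form field or the "X-CSRF-Token" header named in the third paragraph and describe the query-string as a fallback. New line 6 misspells the acronym as "CRSF"; it should read "CSRF protection middleware." The third paragraph says the default value function checks req.body and req.query but does not say which key it reads from them; if it is the same "_csrf" name, say so there. Finally, the ordering note on new lines 21-22 only mentions session(), while the default value function depends on bodyParser() and query() as well, so the note should state that csrf() belongs below all three.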

0 comments on commit 92da48c
