https://github.com/ceejbot/level-session-csrf
connect middleware that stores a csrf token in a level-session store
https://github.com/ceejbot/level-session-csrf
Last synced: about 1 year ago
JSON representation
connect middleware that stores a csrf token in a level-session store
- Host: GitHub
- URL: https://github.com/ceejbot/level-session-csrf
- Owner: ceejbot
- License: mit
- Created: 2013-10-05T17:34:57.000Z (over 12 years ago)
- Default Branch: master
- Last Pushed: 2017-05-02T18:11:31.000Z (about 9 years ago)
- Last Synced: 2025-06-20T13:33:48.419Z (about 1 year ago)
- Language: JavaScript
- Size: 8.79 KB
- Stars: 1
- Watchers: 1
- Forks: 0
- Open Issues: 0
-
Metadata Files:
- Readme: README.md
- License: LICENSE
Awesome Lists containing this project
README
# level-session-csrf
Connect middleware that implements csrf tokens backed by a level-session store. API-compatible with [connect/csrf](http://www.senchalabs.org/connect/csrf.html).
[](https://www.npmjs.com/package/level-session-csrf)
## Usage
```javascript
var csrf = require('level-session-csrf');
var sessiondb = require('level-session')(
{
location: path.join(config.dbpath, 'sessions.db'),
expire: app.SESSION_TTL,
keys: config.secrets
});
var app = express();
app.use(sessiondb);
app.use(csrf());
```
Then to add the token to the locals for any specific request:
```javascript
response.render('template', { '_csrf': request.csrfToken() });
```
The middleware by default assumes that you are providing the token in a form or query parameter named `_csrf`, or in a request header called `x-csrf-token` or `x-xsrf-token`.
## Options
You can optionally pass an options object to `csrf()` to specify a custom value-checking function. The value-checking function is passed the request object, which it may inspect as it wishes. The function must return a token string. For instance, if you wanted to look at a custom form parameter instead of `_csrf`:
```javascript
function customValue(request)
{
return request.body.my_form_parameter;
}
var options = { 'value': customValue };
app.use(csrf(options));
```
## LICENSE
MIT.