csrf-monkey

Automatically add CSRF headers to all clientside requests

handles both xhr and fetch
small footprint, no dependencies
configurable, testable and restorable

Installation

npm install --save csrf-monkey

Usage

Default behaviour

Put your csrf token in a meta tag in your head like so:

<html>
  <head>
    <meta name='csrf-token' content='value'>
  </head>
  <body></body>
</html>

Then call csrf-monkey. This will patch xhr and window.fetch so that your csrf token is automatically included in all clientside requests

var axios = require('axios')
require('csrf-monkey')()
 
fetch('/api') // request will include csrf header ('x-csrf-token': value)
axios.get('/api') // request will include csrf header ('x-csrf-token': value)

Options

var csrfMonkey = require('csrf-monkey')
csrfMonkey(header, token)
 
// you can also pass a custom header to csrf-monkey:
csrfMonkey('my-custom-csrf-header')
 
// and you can pass your csrf token value directly to csrf-monkey if you don't want to include it as a meta tag:
csrfMonkey(null, 'my-csrf-token')

Restore

var restore = csrfMonkey()
restore() // Restores everything back to how it was

Credits

Inspired by csrf-xhr

csrf-monkey

csrf-monkey

Installation

Usage

Options

Restore

Credits

Readme

Keywords

Package Sidebar

Install

Repository

Homepage

Weekly Downloads

Version

License

Unpacked Size

Total Files

Last publish

Collaborators

csrf-monkey

csrf-monkey

Installation

Usage

Options

Restore

Credits

Readme

Keywords

Package Sidebar

Install

Repository

Homepage

DownloadsWeekly Downloads

Version

License

Unpacked Size

Total Files

Last publish

Collaborators

Weekly Downloads