issues
search
expressjs
/
csurf
CSRF token middleware
MIT License
2.3k
stars
217
forks
source link
issues
Newest
Newest
Most commented
Recently updated
Oldest
Least commented
Least recently updated
Support for CSRF token patterns as instructed by OWASP.
#263
kedarchandrayan
opened
2 years ago
1
Failed on validation when using with 2 backends
#255
convers39
opened
2 years ago
0
How I can validate csrf token one time with only a request
#249
longvd89
opened
2 years ago
0
Add support for cookie.secure === 'auto'
#242
STRML
opened
3 years ago
0
Added ignoreRoutes in the opts so that we can ignore specific routes
#241
sajeerzeji
closed
3 years ago
1
feat: expose generate/verify middlewares
#240
sushantdhiman
opened
3 years ago
4
Update docs to address situations with mixed protection approaches
#234
bradtaniguchi
closed
3 years ago
1
Fix token caching if secret is not changed
#231
slavamuravey
closed
3 years ago
1
throw error when the user repeatedly call csurf in same middleware
#230
Yu-Jack
opened
3 years ago
1
feature: make sure csurf work correctly when user repeatedly call `cs…
#229
Yu-Jack
closed
3 years ago
2
feature: prevent user call `csurf()` repeatedly
#228
Yu-Jack
closed
3 years ago
4
New token secret with every request
#220
Elliot128
closed
4 years ago
3
User's CSRF Token is invalid but doesn't look like so
#217
DanielVip3
closed
4 years ago
7
docs: fix typo
#213
klitynski
opened
4 years ago
0
Best practice for the csrf token and secret (signed? httponly?)
#211
mrkchang
closed
4 years ago
1
Add option to regenerate the secret
#206
SChetwynd
closed
10 months ago
3
Upgrade to cookie@0.4.0 for SameSite=None support
#205
naeims
closed
4 years ago
1
Support sameSite none option
#202
AGrigorii
closed
4 years ago
4
Dependency version bump
#200
JaredClayborn
closed
4 years ago
1
README: Clarify cookie security implications
#196
wmertens
closed
4 years ago
3
A cookie secret is not really secret
#195
wmertens
closed
5 years ago
1
No regeneration of secret when a valid token is submitted
#188
ptantiku
closed
5 years ago
2
BREACH attack mitigation
#186
techsin
closed
5 years ago
2
Allow custom function of ignore checking
#180
SOF3
opened
5 years ago
1
Fix res.cookie link, add httpOnly, signed, secure notes
#178
ivanm376
closed
5 years ago
0
Add an example of using in single page application
#175
zelongc
closed
5 years ago
2
Need docs and examples for working with single page application.
#174
mrdulin
closed
5 years ago
3
Csurf-expire patch
#160
x24git
opened
6 years ago
3
added expiry functionality
#159
x24git
closed
6 years ago
1
Token Lifetime
#156
ran-j
opened
6 years ago
2
add req.csrfCookie
#155
shenburak
closed
6 years ago
5
changed vars to const
#150
itsjzt
closed
6 years ago
1
previous token still valid
#142
shamonshan
closed
6 years ago
1
Disable CSRF checking during tests
#140
realmhamdy
closed
6 years ago
1
encouraging the use of signedCookies
#139
adon-at-work
closed
6 years ago
14
please document the `signed` config option
#138
adon-at-work
closed
6 years ago
4
Can docs clarify how cookie mode works?
#137
prufrock123
closed
6 years ago
3
Cannot validate CSRF token using the example code
#135
lobax
closed
6 years ago
4
A way of getting csrfToken through POST request
#133
Bogdan-Kalynovskyi
closed
6 years ago
3
Added ajax documentation
#132
AndrewHaine
closed
6 years ago
0
Added error for no active session
#127
franciscop
closed
3 years ago
2
Add credentials warning to documentation
#126
franciscop
closed
3 years ago
7
Feature add 'Encrypted Token Pattern'
#121
cmseaton42
opened
7 years ago
3
per-page CSRF token support
#120
francisfernando
opened
7 years ago
9
Documentation on using with Ajax
#118
george-norris-salesforce
closed
6 years ago
19
Added "ignoreRoutes" option to prevent CSRF from being checked on given routes
#113
anarqz
closed
6 years ago
1
I don't understand how this module works.
#111
miparnisari
closed
7 years ago
3
Update split token generation/validation branch from master
#91
strawbrary
opened
8 years ago
5
Invalid Token when using 'Ignoring Routes' example
#89
annon12
closed
8 years ago
3
Option to pass errors the connect way.
#88
VandorpeDavid
closed
8 years ago
1
Next