issues
search
expressjs
/
csurf
CSRF token middleware
MIT License
2.3k
stars
217
forks
source link
issues
Newest
Newest
Most commented
Recently updated
Oldest
Least commented
Least recently updated
Update readme to highlight the danger of ignoring CSRF checks
#84
scottymcribs
closed
8 years ago
5
Exposed verify token. Fixes #43.
#82
YourDeveloperFriend
opened
9 years ago
15
Options now looping over object properties using hasOwnProperty()
#81
visualjeff
closed
9 years ago
3
added example of csurf ignoring routers
#79
gabeio
closed
9 years ago
1
When session store is down, csurf should call next(err), not throw error
#78
simoami
closed
8 years ago
0
added example of csurf ignoring routers
#77
gabeio
closed
9 years ago
5
ignoreRoutes as extension of ignoreMethods
#75
pszabo1
closed
9 years ago
9
TypeError: Bad input string - Hash.update
#74
nathanielescribano
closed
9 years ago
9
Random 'misconfigured csrf' exception thrown
#73
murdockcrc
closed
9 years ago
4
added paths to ignore
#69
imrefazekas
closed
9 years ago
4
Adding in Support for Flexible Session Keys
#67
rdegges
closed
9 years ago
15
Allow Configuration for Session Key
#66
rdegges
closed
9 years ago
2
Update README.md
#65
hellish
closed
9 years ago
2
Add ignore URL patterns (like options.ignoreMethods)
#64
amurchick
closed
9 years ago
3
Improved docs (see discussion in #62)
#63
borisdiakur
closed
9 years ago
1
EBADCSRFTOKEN after session expirery
#62
borisdiakur
closed
9 years ago
9
how to handle csurf function not being available on req object when a session store goes down
#60
kellyrmilligan
opened
9 years ago
2
Disable it for API routes
#59
razvanz
closed
9 years ago
2
add user agent opinion
#57
RenderCoder
closed
9 years ago
3
When csrfToken() method is called?
#56
efkan
closed
9 years ago
2
Question: any harm in setting res.locals.csrfToken?
#55
zebapy
closed
9 years ago
2
Weird _csrf cookie issue in safari.
#54
SimeonC
closed
9 years ago
3
How to expire old csrf tokens?
#53
maplesap
closed
9 years ago
3
csrf always fails
#52
maplesap
closed
9 years ago
11
Unable to get Angular and Express to use csrf
#51
maplesap
closed
9 years ago
1
added csrf-token/xsrf-token as possible headers
#50
gabeio
closed
9 years ago
1
RFC 6648: SHOULD NOT prefix their parameter names with "X-"
#49
arty-name
closed
9 years ago
11
Cookie csurf doesn't work
#48
arty-name
closed
9 years ago
57
Allow to manually verify CSRF tokens for ignored methods
#47
shesek
closed
9 years ago
4
use cached token if secret has not changed
#46
krishnasrinivas
closed
9 years ago
10
Remove cookie-parser requirement for double-submit cookies
#45
dougwilson
opened
9 years ago
0
Expose token validation function
#43
jkrems
opened
9 years ago
7
Added default cookie path
#41
edelprino
closed
9 years ago
3
Does cookie csurf actually work?
#40
deian
closed
9 years ago
11
Splits token generation and validation
#37
arcanis
closed
8 years ago
20
cookie option cannot be bool true or else .key is undefined...
#34
busticated
closed
9 years ago
5
Add an example of usage including a form
#32
alvarotrigo
closed
10 years ago
4
Add an example of usage including a form
#31
alvarotrigo
closed
10 years ago
1
Check for _CSRF GET parameter
#29
stepri
closed
10 years ago
4
err does not have property 'code'
#28
beshur
closed
10 years ago
5
Custom error type
#27
charlie-s
closed
10 years ago
2
Allow user to select methods to ignore.
#26
STRML
closed
10 years ago
9
Added 'ECSRFTOKENINVALID' to indicate validation failure
#24
valango
closed
10 years ago
24
Invalid csrf token when calling req.session.destroy()
#22
pruhstal
closed
10 years ago
5
res.cookie is undefined with connect 3
#19
imrefazekas
closed
10 years ago
3
fix JSHint warnings
#16
niftylettuce
closed
10 years ago
6
cookie option issues
#14
jonathanong
opened
10 years ago
2
Safari 7.04 403 "invalid csrf token"
#12
dstroot
closed
10 years ago
4
separating token creation and checking
#10
mscdex
opened
10 years ago
27
2.0.0
#9
dougwilson
closed
10 years ago
2
Previous
Next