search

krakenjs / lusca

Application security for express apps.
Other
1.78k stars 123 forks source link

Allow CSRF cookie options to be set #103

Closed stgogm closed 7 years ago

stgogm commented 7 years ago

This fix allows us to set cookie options and maintain compatibility with current configurations.

Example configurations:

// Using AngularJS with cookie options
lusca.csrf({
  angular: true,
  cookie: {
    options: {
      httpOnly: true,
      secure: true
    }
  }
});
// Using custom cookie name and options.
lusca.csrf({
  cookie: {
    name: 'MyCustomCSRFCookieName',
    options: {
      httpOnly: true,
      secure: true
    }
  }
});
// Using this also works
lusca.csrf({
  cookie: 'MyCustomCSRFCookieName'
});
// Using this works too
lusca.csrf({
  cookie: {
    name: 'MyCustomCSRFCookieName'
  }
});
stgogm commented 7 years ago

Missed one check. Sorry!