Comments (7)
You can reference the Connect documentation.
http://www.senchalabs.org/connect/csrf.html
from csurf.
Still needs proper examples.
It would be awesome to have an example showing how to integrate session-based CSRF, just simple code examples with Express 4 would be a huge improvement. Right now I have found one article that explains how to do it in Express 4, but doesn't go into session-based CSRF, just cookies. As a bit of a noob to the security-layer, this would be nice to have in the module readme. Even a basic working code example with no documentation would be great!
The only way I can understand to do it in a way relatable to real-world is to do the example in 3 parts; server, jade template and client js.
Which seems kinda excessive, but idk how to make it reasonably clear otherwise. Maybe I don't understand it enough.
@Fishrock123 what we need is a separate repo for everything in https://github.com/visionmedia/express/tree/master/examples (where each subfolder has their own `package.json`, even). Then we could add some for `csrf` and point people there in the docs here.
@dougwilson +1 to that!
Considering that everything is pretty broken apart into these modules, I don't see why minor commit logs for examples and a `.npmignore`'d `/examples` directory would be a problem in these modules.
I think in the end it may be more sane to maintain than a separate amalgamated repo.