expressjs/csurf

Issues

• Documentation on using with Ajax

  #118 opened 7 years ago by george-norris-salesforce
  19

• I don't understand how this module works.

  #111 opened 8 years ago by miparnisari
  3

• res.cookie is undefined with connect 3

  #19 opened 10 years ago by imrefazekas
  3

• ignoreRoutes as extension of ignoreMethods

  #75 opened 9 years ago by pszabo1
  9

• When session store is down, csurf should call next(err), not throw error

  #78 opened 8 years ago by simoami
  0

• Invalid Token when using 'Ignoring Routes' example

  #89 opened 9 years ago by annon12
  3

• Failed on validation when using with 2 backends

  #255 opened 3 years ago by convers39
  0

• How I can validate csrf token one time with only a request

  #249 opened 3 years ago by longvd89
  0

• Add credentials warning to documentation

  #126 opened 3 years ago by franciscop
  7

• Does cookie csurf actually work?

  #40 opened 10 years ago by deian
  11

• Random 'misconfigured csrf' exception thrown

  #73 opened 10 years ago by murdockcrc
  4

• Update docs to address situations with mixed protection approaches

  #234 opened 4 years ago by bradtaniguchi
  1

• New token secret with every request

  #220 opened 4 years ago by Elliot128
  3

• per-page CSRF token support

  #120 opened 8 years ago by francisfernando
  9

• User's CSRF Token is invalid but doesn't look like so

  #217 opened 4 years ago by DanielVip3
  7

• A way of getting csrfToken through POST request

  #133 opened 7 years ago by Bogdan-Kalynovskyi
  3

• Feature add 'Encrypted Token Pattern'

  #121 opened 8 years ago by cmseaton42
  3

• Best practice for the csrf token and secret (signed? httponly?)

  #211 opened 5 years ago by mrkchang
  1

• Upgrade to cookie@0.4.0 for SameSite=None support

  #205 opened 5 years ago by naeims
  1

• Expose token validation function

  #43 opened 10 years ago by jkrems
  7

• A cookie secret is not really secret

  #195 opened 5 years ago by wmertens
  1

• No regeneration of secret when a valid token is submitted

  #188 opened 5 years ago by ptantiku
  2

• BREACH attack mitigation

  #186 opened 6 years ago by techsin
  2

• Need docs and examples for working with single page application.

  #174 opened 6 years ago by mrdulin
  3

• Add ignore URL patterns (like options.ignoreMethods)

  #64 opened 10 years ago by amurchick
  3

• Token Lifetime

  #156 opened 6 years ago by ran-j
  2

• csrf always fails

  #52 opened 10 years ago by maplesap
  11

• previous token still valid

  #142 opened 7 years ago by shamonshan
  1

• Disable CSRF checking during tests

  #140 opened 7 years ago by realmhamdy
  1

• please document the `signed` config option

  #138 opened 7 years ago by adon-at-work
  4

• Can docs clarify how cookie mode works?

  #137 opened 7 years ago by prufrock123
  3

• Cannot validate CSRF token using the example code

  #135 opened 7 years ago by lobax
  4

• Question: any harm in setting res.locals.csrfToken?

  #55 opened 10 years ago by zebapy
  2

• TypeError: Bad input string - Hash.update

  #74 opened 10 years ago by nathanielescribano
  9

• how to handle csurf function not being available on req object when a session store goes down

  #60 opened 10 years ago by kellyrmilligan
  2

• Allow Configuration for Session Key

  #66 opened 10 years ago by rdegges
  2

• EBADCSRFTOKEN after session expirery

  #62 opened 10 years ago by borisdiakur
  9

• Disable it for API routes

  #59 opened 10 years ago by razvanz
  2

• When csrfToken() method is called?

  #56 opened 10 years ago by efkan
  2

• RFC 6648: SHOULD NOT prefix their parameter names with "X-"

  #49 opened 10 years ago by arty-name
  11

• Remove cookie-parser requirement for double-submit cookies

  #45 opened 10 years ago by dougwilson
  0

• Weird _csrf cookie issue in safari.

  #54 opened 10 years ago by SimeonC
  3

• How to expire old csrf tokens?

  #53 opened 10 years ago by maplesap
  3

• Unable to get Angular and Express to use csrf

  #51 opened 10 years ago by maplesap
  1

• Cookie csurf doesn't work

  #48 opened 10 years ago by arty-name
  57

• cookie option cannot be bool true or else .key is undefined...

  #34 opened 10 years ago by busticated
  5

• Add an example of usage including a form

  #31 opened 10 years ago by alvarotrigo
  1

• err does not have property 'code'

  #28 opened 10 years ago by beshur
  5

• Custom error type

  #27 opened 10 years ago by charlie-s
  2

• Invalid csrf token when calling req.session.destroy()

  #22 opened 10 years ago by pruhstal
  5