		{
		"name": "edge-csrf",
		"description": "CSRF protection for Next.js middleware",
		"version": "0.2.1",
		"version": "0.2.2-rc1",
		"author": "Andres Morey",
		"license": "MIT",
		"repository": "amorey/edge-csrf",
		"type": "module",
		"main": "dist/index.js",
		"types": "dist/index.d.ts",
		"main": "dist/cjs/index.js",
		"module": "dist/esm/index.js",
		"types": "dist/cjs/index.d.ts",
		"files": [
		@@ -16,3 +16,3 @@ "/dist"
		"bench": "node --experimental-specifier-resolution=node",
		"build": "rm -rf dist && tsc",
		"build": "rm -rf dist && tsc && tsc --build tsconfig.cjs.json",
		"lint": "eslint",
		@@ -19,0 +19,0 @@ "test": "jest --env @edge-runtime/jest-environment"

README.md

		@@ -14,2 +14,3 @@ # Edge-CSRF
		- Customizable cookie options
		- TypeScript definitions included

		@@ -24,9 +25,10 @@ # Quickstart

		Next, create a middleware file (`middleware.js`) for your project and add the Edge-CSRF middleware:
		Next, create a middleware file (`middleware.ts`) for your project and add the Edge-CSRF middleware:

		```javascript
		// middleware.js
		```typescript
		// middleware.ts

		import csrf from 'edge-csrf';
		import { NextResponse } from 'next/server';
		import type { NextRequest } from 'next/server';

		@@ -36,3 +38,3 @@ // initalize protection function

		export async function middleware(request) {
		export async function middleware(request: NextRequest) {
		const response = NextResponse.next();
		@@ -56,7 +58,16 @@

		```javascript
		// pages/api/csrf-invalid.js
		```typescript
		// pages/api/csrf-invalid.ts

		export default function handler(req, res) {
		res.status(403).send('invalid csrf token');
		import type { NextApiRequest, NextApiResponse } from 'next';

		type Data = {
		status: string
		};

		export default function handler(
		req: NextApiRequest,
		res: NextApiResponse<Data>
		) {
		res.status(403).send({ status: 'invalid csrf token' });
		}
		@@ -67,14 +78,22 @@ ```

		```javascript
		// pages/my-form.js
		```typescript
		// pages/form.ts

		export function getServerSideProps({ res }) {
		import type { GetServerSideProps } from 'next';
		import React from 'react';

		type Props = {
		csrfToken: string
		};

		export const getServerSideProps: GetServerSideProps = async ({ res }) => {
		const csrfToken = res.getHeader('x-csrf-token');
		return {props: { csrfToken }};
		return { props: { csrfToken } };
		}

		export default function MyFormPage({ csrfToken }) {
		const FormPage: React.FunctionComponent<Props> = ({ csrfToken }) => {
		return (
		<form>
		<form action="/api/form-handler" method="post">
		<input type="hidden" value={csrfToken}>
		<input type="text" name="my-input">
		<input type="submit">
		@@ -84,7 +103,40 @@ </form>
		}

		export default FormPage;
		```

		```typescript
		// pages/api/form-handler.ts

		import type { NextApiRequest, NextApiResponse } from 'next';

		type Data = {
		status: string
		};

		export default function handler(
		req: NextApiRequest,
		res: NextApiResponse<Data>
		) {
		// this code won't execute unless CSRF token passes validation
		res.status(200).json({ status: 'success' });
		}
		```

		# Configuration

		To configure the CSRF middleware function just pass an object containing your options to the initialization method:

		```javascript
		const csrfProtect = csrf({
		cookie: {
		name: '_myCsrfSecret'
		},
		secretByteLength: 20
		});
		```

		Here are the default configuration values:

		```javascript
		// default config
		@@ -96,3 +148,3 @@
		path: '/',
		maxAge: null,
		maxAge: undefined,
		domain: '',
		@@ -108,9 +160,5 @@ secure: true,
		responseHeader: 'x-csrf-token',
		value: null
		value: undefined
		}
		}
		```

		TODO:
		- Add details to error response
		- Typescript support

dist/config.d.ts

dist/config.js

dist/index.d.ts

dist/index.js

dist/util.d.ts

dist/util.js

edge-csrf - npm Package Compare versions

New alerts

Improved metrics

Worsened metrics