Huge News!Announcing our $40M Series B led by Abstract Ventures.Learn More
Socket
Sign inDemoInstall
Socket

fusion-plugin-csrf-protection

Package Overview
Dependencies
Maintainers
1
Versions
484
Alerts
File Explorer

Advanced tools

Socket logo

Install Socket

Detect and block malicious and high-risk dependencies

Install

fusion-plugin-csrf-protection

Generic CSRF-protection utility for use with any session manager or csrf secret/token generator

  • 3.4.7
  • latest
  • Source
  • npm
  • Socket score

Version published
Weekly downloads
11
decreased by-97.74%
Maintainers
1
Weekly downloads
 
Created
Source

fusion-plugin-csrf-protection

Build status

Provides a modified fetch that is automatically secure against CSRF attacks for non-idempotent HTTP methods.

This enhancer handles CSRF protection by adding a server side middleware that checks for a valid CSRF token on requests for non-idempotent HTTP methods (e.g. POST).

Table of contents


Installation

yarn add fusion-plugin-csrf-protection

Usage

import {createPlugin} from 'fusion-core';
import {FetchToken} from 'fusion-tokens';

const pluginUsingFetch = createPlugin({
  deps: {
    fetch: FetchToken,
  },
  provides: ({fetch}) => {
    return {
      getUser: () => {
        return fetch('/get-user');
      }
    }
  },
});

Setup

// src/main.js
import React from 'react';
import {FetchToken} from 'fusion-tokens';
import App from 'fusion-react';
import CsrfProtectionEnhancer, {
  CsrfIgnoreRoutesToken,
} from 'fusion-plugin-csrf-protection';
import fetch from unfetch;

export default () => {
  const app = new App(<div></div>);
  app.register(FetchToken, fetch);
  app.enhance(FetchToken, CsrfProtectionEnhancer);
  // optional
  __NODE__ && app.register(CsrfIgnoreRoutesToken, []);
}

Usage with React

Assuming this plugin has already been registered, fetch can be consumed from React via useService (React v16.8+ required):

import {useService} from 'fusion-react';
import {FetchToken} from 'fusion-tokens';

function Component() {
  const fetch = useService(FetchToken);

  // ...
}

See useService docs in fusion-react for more information.

API

Registration API
CsrfProtectionEnhancer
import CsrfProtectionEnhancer from 'fusion-plugin-csrf-protection';

The CSRF protection enhancer. Typically, it should be used to enhance the FetchToken.

This enhances the FetchToken and provides the fetch api and a server side middleware for validating CSRF requests.

FetchToken
import {FetchToken} from 'fusion-tokens';

The canonical token for an implementation of fetch. This CSRF plugin is generally registered as an enhancer on that token. For more, see the fusion-tokens repo.

Dependencies
CsrfIgnoreRoutesToken
import {CsrfIgnoreRoutesToken} from 'fusion-plugin-csrf-protection';

A list of routes to ignore csrf protection on. This is rarely needed and should be used with caution.

Types

type CsrfIgnoreRoutes = Array<string>;

Default value

Empty array []

Service API
const response: Response = fetch('/test', {
  method: 'POST',
})

fetch: (url: string, options: Object) => Promise - Client-only. A decorated fetch function that automatically does pre-flight requests for CSRF tokens if required.

See https://developer.mozilla.org/en-US/docs/Web/API/Fetch_API for more on the fetch api.

FAQs

Package last updated on 20 Feb 2023

Did you know?

Socket

Socket for GitHub automatically highlights issues in each pull request and monitors the health of all your open source dependencies. Discover the contents of your packages and block harmful activity before you install or update your dependencies.

Install

Related posts

SocketSocket SOC 2 Logo

Product

  • Package Alerts
  • Integrations
  • Docs
  • Pricing
  • FAQ
  • Roadmap
  • Changelog

Packages

npm

Stay in touch

Get open source security insights delivered straight into your inbox.


  • Terms
  • Privacy
  • Security

Made with ⚡️ by Socket Inc