csrf-monkey

Automatically add CSRF headers to all clientside requests

Usage: no npm install needed!

<script type="module">
  import csrfMonkey from 'https://cdn.skypack.dev/csrf-monkey';
</script>

README

  • handles both xhr and fetch
  • small footprint, no dependencies
  • configurable, testable and restorable

Installation

npm install --save csrf-monkey

Usage

Default behaviour

Put your CSRF token in a meta tag in the page's head, like so:

<html>
  <head>
    <meta name='csrf-token' content='value'>
  </head>
  <body></body>
</html>

Then call csrf-monkey. This patches XMLHttpRequest (xhr) and window.fetch so that your CSRF token is automatically included as a request header in all client-side requests.

var axios = require('axios')
require('csrf-monkey')()

fetch('/api') // request will include csrf header ('x-csrf-token': value)
axios.get('/api') // request will include csrf header ('x-csrf-token': value)

Options

var csrfMonkey = require('csrf-monkey')

// signature: csrfMonkey(header, token)

// you can pass a custom header name to csrf-monkey:
csrfMonkey('my-custom-csrf-header')

// or pass your csrf token value directly to csrf-monkey if you don't want to include it as a meta tag:
csrfMonkey(null, 'my-csrf-token')

Restore

var restore = csrfMonkey()
restore() // Restores everything back to how it was
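
A sketch of the patch-and-restore technique described above, as an added example that is not csrf-monkey's own code. It wraps fetch on a stand-in object and, as an assumption this README does not state about the library, attaches the token only to same-origin requests so it is not sent to third-party hosts. patchFetch, sameOrigin, the `target` parameter and the sample origin and token are hypothetical.

```javascript
// Added illustration, not csrf-monkey's source.
// patchFetch, sameOrigin and the `target` parameter are hypothetical names.
function sameOrigin(url, pageOrigin) {
  try {
    // Relative URLs resolve against the page origin and count as same-origin.
    return new URL(url, pageOrigin).origin === pageOrigin;
  } catch (e) {
    return false; // unparsable URL: never attach the token
  }
}

function patchFetch(target, pageOrigin, token, header = 'x-csrf-token') {
  const original = target.fetch;
  target.fetch = function (input, init = {}) {
    // input may be a string, a URL object or a Request object.
    const url = String((input && input.url) || input);
    if (!sameOrigin(url, pageOrigin)) {
      return original.call(target, input, init); // token stays on our origin
    }
    // Start from the caller's headers (init wins over a Request's own),
    // copied so the caller's objects are not mutated.
    const headers = new Headers(init.headers || (input && input.headers) || {});
    headers.set(header, token);
    return original.call(target, input, { ...init, headers });
  };
  // Same contract as the README's restore(): put the original back.
  return function restore() {
    target.fetch = original;
  };
}

// Constructed demo: a stub fetch that records the header it received.
function demo() {
  const seen = [];
  const fakeWindow = {
    fetch(input, init) {
      const h = init && init.headers;
      seen.push(h instanceof Headers ? h.get('x-csrf-token') : null);
      return Promise.resolve();
    }
  };
  const restore = patchFetch(fakeWindow, 'https://app.example', 'constructed-token');
  fakeWindow.fetch('/api');                       // same origin: header added
  fakeWindow.fetch('https://other.example/api');  // cross origin: untouched
  restore();
  fakeWindow.fetch('/api');                       // restored: untouched
  return seen;
}
```

In a browser the call would be `patchFetch(window, location.origin, token)`; the server must still validate the header on every state-changing request.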

Credits

  • Inspired by csrf-xhr