0

I looked at csrf implementation in node js Git hub example and was wondering this is for a application level. What if I want to apply it on one or two pages in the application. I did not find any example on the web. I know that in asp.net you can do it but not sure how the same can be achieved in Node JS.

Any help in guiding to a solution is greatly appreciated.

Raghavendra Prasad
  • 649
  • 1
  • 5
  • 12

1 Answers1

0

Add the csruf middleware on the routes which you want to protect. Like the example in the Github link shows:

app.get('/route/to/protect', csrfProtection, function (req, res) {
   // pass the csrfToken to the view
   res.render('send', { csrfToken: req.csrfToken() })
})

This will allow csrf only for this route and not others. You can also use Regex to match routes as explained in the express docs.

tbking
  • 8,796
  • 2
  • 20
  • 33
  • We are using res.redirect(). For this csrftoken cannot be passed the way you have shown in your example. Can you share a sample if we use res.redirect(). – Raghavendra Prasad Feb 07 '19 at 16:31