139 lines
9.5 KiB
JSON
139 lines
9.5 KiB
JSON
{
|
|
"_args": [
|
|
[
|
|
{
|
|
"raw": "csurf@~1.8.3",
|
|
"scope": null,
|
|
"escapedName": "csurf",
|
|
"name": "csurf",
|
|
"rawSpec": "~1.8.3",
|
|
"spec": ">=1.8.3 <1.9.0",
|
|
"type": "range"
|
|
},
|
|
"/Volumes/2009-SSD/GT2/GT2-iOS/node_modules/connect"
|
|
]
|
|
],
|
|
"_from": "csurf@>=1.8.3 <1.9.0",
|
|
"_id": "csurf@1.8.3",
|
|
"_inCache": true,
|
|
"_location": "/csurf",
|
|
"_npmUser": {
|
|
"name": "dougwilson",
|
|
"email": "doug@somethingdoug.com"
|
|
},
|
|
"_npmVersion": "1.4.28",
|
|
"_phantomChildren": {
|
|
"inherits": "2.0.3",
|
|
"statuses": "1.4.0"
|
|
},
|
|
"_requested": {
|
|
"raw": "csurf@~1.8.3",
|
|
"scope": null,
|
|
"escapedName": "csurf",
|
|
"name": "csurf",
|
|
"rawSpec": "~1.8.3",
|
|
"spec": ">=1.8.3 <1.9.0",
|
|
"type": "range"
|
|
},
|
|
"_requiredBy": [
|
|
"/connect"
|
|
],
|
|
"_resolved": "https://registry.npmjs.org/csurf/-/csurf-1.8.3.tgz",
|
|
"_shasum": "23f2a13bf1d8fce1d0c996588394442cba86a56a",
|
|
"_shrinkwrap": null,
|
|
"_spec": "csurf@~1.8.3",
|
|
"_where": "/Volumes/2009-SSD/GT2/GT2-iOS/node_modules/connect",
|
|
"author": {
|
|
"name": "Jonathan Ong",
|
|
"email": "me@jongleberry.com",
|
|
"url": "http://jongleberry.com"
|
|
},
|
|
"bugs": {
|
|
"url": "https://github.com/expressjs/csurf/issues"
|
|
},
|
|
"contributors": [
|
|
{
|
|
"name": "Douglas Christopher Wilson",
|
|
"email": "doug@somethingdoug.com"
|
|
}
|
|
],
|
|
"dependencies": {
|
|
"cookie": "0.1.3",
|
|
"cookie-signature": "1.0.6",
|
|
"csrf": "~3.0.0",
|
|
"http-errors": "~1.3.1"
|
|
},
|
|
"description": "CSRF token middleware",
|
|
"devDependencies": {
|
|
"body-parser": "~1.12.4",
|
|
"connect": "3",
|
|
"cookie-parser": "~1.3.5",
|
|
"cookie-session": "~1.1.0",
|
|
"istanbul": "0.3.15",
|
|
"mocha": "2.2.5",
|
|
"supertest": "1.0.1"
|
|
},
|
|
"directories": {},
|
|
"dist": {
|
|
"shasum": "23f2a13bf1d8fce1d0c996588394442cba86a56a",
|
|
"tarball": "https://registry.npmjs.org/csurf/-/csurf-1.8.3.tgz"
|
|
},
|
|
"engines": {
|
|
"node": ">= 0.8.0"
|
|
},
|
|
"files": [
|
|
"HISTORY.md",
|
|
"LICENSE",
|
|
"index.js"
|
|
],
|
|
"gitHead": "3ebc176634b1a93ee4601a1c1929c0014d65e5ce",
|
|
"homepage": "https://github.com/expressjs/csurf#readme",
|
|
"keywords": [
|
|
"csrf",
|
|
"tokens",
|
|
"middleware",
|
|
"express"
|
|
],
|
|
"license": "MIT",
|
|
"maintainers": [
|
|
{
|
|
"name": "jongleberry",
|
|
"email": "jonathanrichardong@gmail.com"
|
|
},
|
|
{
|
|
"name": "dougwilson",
|
|
"email": "doug@somethingdoug.com"
|
|
},
|
|
{
|
|
"name": "tjholowaychuk",
|
|
"email": "tj@vision-media.ca"
|
|
},
|
|
{
|
|
"name": "mscdex",
|
|
"email": "mscdex@mscdex.net"
|
|
},
|
|
{
|
|
"name": "fishrock123",
|
|
"email": "fishrock123@rocketmail.com"
|
|
},
|
|
{
|
|
"name": "defunctzombie",
|
|
"email": "shtylman@gmail.com"
|
|
}
|
|
],
|
|
"name": "csurf",
|
|
"optionalDependencies": {},
|
|
"readme": "# csurf\n\n[![NPM Version][npm-image]][npm-url]\n[![NPM Downloads][downloads-image]][downloads-url]\n[![Build status][travis-image]][travis-url]\n[![Test coverage][coveralls-image]][coveralls-url]\n[![Gratipay][gratipay-image]][gratipay-url]\n\nNode.js [CSRF](https://en.wikipedia.org/wiki/Cross-site_request_forgery) protection middleware.\n\nRequires either a session middleware or [cookie-parser](https://www.npmjs.com/package/cookie-parser) to be initialized first.\n\n * If you are setting the [\"cookie\" option](#cookie) to a non-`false` value,\n then you must use [cookie-parser](https://www.npmjs.com/package/cookie-parser)\n before this module.\n * Otherwise, you must use a session middleware before this module. For example:\n - [express-session](https://www.npmjs.com/package/express-session)\n - [cookie-session](https://www.npmjs.com/package/cookie-session)\n\nIf you have questions on how this module is implemented, please read\n[Understanding CSRF](https://github.com/pillarjs/understanding-csrf).\n\n## Installation\n\n```sh\n$ npm install csurf\n```\n\n## API\n\n```js\nvar csurf = require('csurf')\n```\n\n### csurf([options])\n\nCreate a middleware for CSRF token creation and validation. This middleware\nadds a `req.csrfToken()` function to make a token which should be added to\nrequests which mutate state, within a hidden form field, query-string etc.\nThis token is validated against the visitor's session or csrf cookie.\n\n#### Options\n\nThe `csurf` function takes an optional `options` object that may contain\nany of the following keys:\n\n##### cookie\n\nDetermines if the token secret for the user should be stored in a cookie\nor in `req.session`. Defaults to `false`.\n\nWhen set to `true` (or an object of options for the cookie), then the module\nchanges behavior and no longer uses `req.session`. This means you _are no\nlonger required to use a session middleware_. Instead, you do need to use the\n[cookie-parser](https://www.npmjs.com/package/cookie-parser) middleware in\nyour app before this middleware.\n\nWhen set to an object, cookie storage of the secret is enabled and the\nobject contains options for this functionality (when set to `true`, the\ndefaults for the options are used). The options may contain any of the\nfollowing keys:\n\n - `key` - the name of the cookie to use to store the token secret\n (defaults to `'_csrf'`).\n - `path` - the path of the cookie (defaults to `'/'`).\n - any other [res.cookie](http://expressjs.com/4x/api.html#res.cookie)\n option can be set.\n\n##### ignoreMethods\n\nAn array of the methods for which CSRF token checking will disabled.\nDefaults to `['GET', 'HEAD', 'OPTIONS']`.\n\n##### sessionKey\n\nDetermines what property (\"key\") on `req` the session object is located.\nDefaults to `'session'` (i.e. looks at `req.session`). The CSRF secret\nfrom this library is stored and read as `req[sessionKey].csrfSecret`.\n\nIf the [\"cookie\" option](#cookie) is not `false`, then this option does\nnothing.\n\n##### value\n\nProvide a function that the middleware will invoke to read the token from\nthe request for validation. The function is called as `value(req)` and is\nexpected to return the token as a string.\n\nThe default value is a function that reads the token from the following\nlocations, in order:\n\n - `req.body._csrf` - typically generated by the `body-parser` module.\n - `req.query._csrf` - a built-in from Express.js to read from the URL\n query string.\n - `req.headers['csrf-token']` - the `CSRF-Token` HTTP request header.\n - `req.headers['xsrf-token']` - the `XSRF-Token` HTTP request header.\n - `req.headers['x-csrf-token']` - the `X-CSRF-Token` HTTP request header.\n - `req.headers['x-xsrf-token']` - the `X-XSRF-Token` HTTP request header.\n\n## Example\n\n### Simple express example\n\nThe following is an example of some server-side code that generates a form\nthat requires a CSRF token to post back.\n\n```js\nvar cookieParser = require('cookie-parser')\nvar csrf = require('csurf')\nvar bodyParser = require('body-parser')\nvar express = require('express')\n\n// setup route middlewares\nvar csrfProtection = csrf({ cookie: true })\nvar parseForm = bodyParser.urlencoded({ extended: false })\n\n// create express app\nvar app = express()\n\n// parse cookies\n// we need this because \"cookie\" is true in csrfProtection\napp.use(cookieParser())\n\napp.get('/form', csrfProtection, function(req, res) {\n // pass the csrfToken to the view\n res.render('send', { csrfToken: req.csrfToken() })\n})\n\napp.post('/process', parseForm, csrfProtection, function(req, res) {\n res.send('data is being processed')\n})\n```\n\nInside the view (depending on your template language; handlebars-style\nis demonstrated here), set the `csrfToken` value as the value of a hidden\ninput field named `_csrf`:\n\n```html\n<form action=\"/process\" method=\"POST\">\n <input type=\"hidden\" name=\"_csrf\" value=\"{{csrfToken}}\">\n \n Favorite color: <input type=\"text\" name=\"favoriteColor\">\n <button type=\"submit\">Submit</button>\n</form>\n```\n\n### Custom error handling\n\nWhen the CSRF token validation fails, an error is thrown that has\n`err.code === 'EBADCSRFTOKEN'`. This can be used to display custom\nerror messages.\n\n```js\nvar bodyParser = require('body-parser')\nvar cookieParser = require('cookie-parser')\nvar csrf = require('csurf')\nvar express = require('express')\n\nvar app = express()\napp.use(bodyParser.urlencoded({ extended: false }))\napp.use(cookieParser())\napp.use(csrf({ cookie: true }))\n\n// error handler\napp.use(function (err, req, res, next) {\n if (err.code !== 'EBADCSRFTOKEN') return next(err)\n\n // handle CSRF token errors here\n res.status(403)\n res.send('form tampered with')\n})\n```\n\n## License\n\n[MIT](LICENSE)\n\n[npm-image]: https://img.shields.io/npm/v/csurf.svg\n[npm-url]: https://npmjs.org/package/csurf\n[travis-image]: https://img.shields.io/travis/expressjs/csurf/master.svg\n[travis-url]: https://travis-ci.org/expressjs/csurf\n[coveralls-image]: https://img.shields.io/coveralls/expressjs/csurf/master.svg\n[coveralls-url]: https://coveralls.io/r/expressjs/csurf?branch=master\n[downloads-image]: https://img.shields.io/npm/dm/csurf.svg\n[downloads-url]: https://npmjs.org/package/csurf\n[gratipay-image]: https://img.shields.io/gratipay/dougwilson.svg\n[gratipay-url]: https://gratipay.com/dougwilson/\n",
|
|
"readmeFilename": "README.md",
|
|
"repository": {
|
|
"type": "git",
|
|
"url": "git+https://github.com/expressjs/csurf.git"
|
|
},
|
|
"scripts": {
|
|
"test": "mocha --check-leaks --reporter spec --bail test/",
|
|
"test-cov": "istanbul cover node_modules/mocha/bin/_mocha -- --check-leaks --reporter dot test/",
|
|
"test-travis": "istanbul cover node_modules/mocha/bin/_mocha --report lcovonly -- --check-leaks --reporter spec test/"
|
|
},
|
|
"version": "1.8.3"
|
|
}
|