@gibme/webserver

    Type Alias CSRFOptions

    type CSRFOptions = {
        bodyField?: string;
        cookieName?: string;
        cookieOptions?: SerializeOptions;
        errorSink?: ErrorSink;
        headerName?: string;
        ignoreMethods?: string[];
        secret: CSRFSecret;
        skip?: (request: express.Request) => boolean;
    }

    Properties

    bodyField?: string

    Body field name read on unsafe requests when no header is present.

    Default: '_csrf'
    
    cookieName?: string

    Name of the cookie carrying the signed token. Defaults to __Host-csrf; the __Host- prefix requires secure: true, no Domain, and Path=/. Override the name for HTTP dev environments where the __Host- prefix cannot be honored.

    Default: '__Host-csrf'
    
    cookieOptions?: SerializeOptions

    Set-Cookie attribute overrides. Defaults: SameSite=Strict, Secure, HttpOnly=false, Path=/.

    errorSink?: ErrorSink

    Error sink invoked on verification failures.

    headerName?: string

    Header name read on unsafe requests.

    Default: 'x-csrf-token'
    
    ignoreMethods?: string[]

    HTTP methods exempt from token verification.

    Default: ['GET', 'HEAD', 'OPTIONS']
    
    secret: CSRFSecret

    Secret used to sign the CSRF cookie. Accepts a literal CipherKey or a callback (useful when the secret rotates with cookieSecret).

    skip?: (request: express.Request) => boolean

    Predicate evaluated per request; when it returns a truthy value, the request bypasses verification.
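
The sketch below is an added example, not code from @gibme/webserver: it shows how a signed double-submit check can combine the defaults documented above (cookie name, header name, body-field fallback, exempt methods). The token layout `<nonce>.<HMAC-SHA256>` and the names `Req`, `issueToken`, `signatureValid` and `verifyRequest` are assumptions made for illustration; the library's actual token format is not documented on this page.

```typescript
import { createHmac, randomBytes, timingSafeEqual } from 'node:crypto';

// Defaults copied from the CSRFOptions documentation above.
const DEFAULTS = {
    cookieName: '__Host-csrf',
    headerName: 'x-csrf-token',
    bodyField: '_csrf',
    ignoreMethods: ['GET', 'HEAD', 'OPTIONS']
};

// Minimal request shape for this sketch (hypothetical, not express.Request).
interface Req {
    method: string;
    headers: Record<string, string | undefined>;
    cookies: Record<string, string | undefined>;
    body?: Record<string, unknown>;
}

const sign = (nonce: string, secret: string): string =>
    createHmac('sha256', secret).update(nonce).digest('base64url');

// Assumed token layout: "<nonce>.<HMAC-SHA256(nonce)>".
function issueToken(secret: string): string {
    const nonce = randomBytes(16).toString('base64url');
    return `${nonce}.${sign(nonce, secret)}`;
}

function signatureValid(token: string, secret: string): boolean {
    const [nonce, mac, ...rest] = token.split('.');
    if (!nonce || !mac || rest.length > 0) return false;
    const expected = Buffer.from(sign(nonce, secret));
    const given = Buffer.from(mac);
    return given.length === expected.length && timingSafeEqual(given, expected);
}

function verifyRequest(req: Req, secret: string): boolean {
    if (DEFAULTS.ignoreMethods.includes(req.method.toUpperCase())) return true;
    const cookie = req.cookies[DEFAULTS.cookieName];
    // Header first; the body field is only read when no header is present.
    const fromBody = req.body?.[DEFAULTS.bodyField];
    const submitted = req.headers[DEFAULTS.headerName]
        ?? (typeof fromBody === 'string' ? fromBody : undefined);
    if (!cookie || !submitted) return false;
    // The cookie must carry a valid signature AND match the submitted copy.
    if (!signatureValid(cookie, secret)) return false;
    const a = Buffer.from(cookie);
    const b = Buffer.from(submitted);
    return a.length === b.length && timingSafeEqual(a, b);
}
```

Because the cookie is signed, a cookie/header pair that merely matches each other is not enough: a value that was not issued with the server's secret fails `signatureValid` even when both copies are identical.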