Class CSRF

Index

Constructors

constructor

Methods

commitToken generate getToken validate

Constructors

constructor

new CSRF(options: CSRFOptions): CSRF
Parameters
- options: CSRFOptions
Returns CSRF
- Defined in src/server/csrf.ts:43

Methods

commitToken

commitToken(
requestOrHeaders?: Request | Headers,
bytes?: number,
): Promise<readonly [string, null | string]>
Generates a token and serialize it into the cookie.
Parameters
- requestOrHeaders: Request | Headers = ...
  A request or headers object from which we can get the cookie to get the existing token.
- bytes: number = 32
  The number of bytes used to generate the token
Returns Promise<readonly [string, null | string]>
A tuple with the token and the string to send in Set-Cookie If there's already a csrf value in the cookie then the token will be the same and the cookie will be null.
Example
```
let [token, cookie] = await csrf.commitToken(request);
return json({ token }, {
  headers: { "set-cookie": cookie }
})
```
- Defined in src/server/csrf.ts:96

generate

generate(bytes?: number): string
Generates a random string in Base64URL to be used as an authenticity token for CSRF protection.
Parameters
- bytes: number = 32
  The number of bytes used to generate the token
Returns string
A random string in Base64URL
- Defined in src/server/csrf.ts:55

getToken

getToken(requestOrHeaders?: Request | Headers, bytes?: number): Promise<string>
Get the existing token from the cookie or generate a new one if it doesn't exist.
Parameters
- requestOrHeaders: Request | Headers = ...
  A request or headers object from which we can get the cookie to get the existing token.
- bytes: number = 32
  The number of bytes used to generate the token.
Returns Promise<string>
The existing token if it exists in the cookie, otherwise a new token.
- Defined in src/server/csrf.ts:71

validate

validate(data: Request): Promise<void>

Verify if a request and cookie has a valid CSRF token.

Parameters

data: Request

Returns Promise<void>

Example

export async function action({ request }: ActionFunctionArgs) {
  await csrf.validate(request);
  // the request is authenticated and you can do anything here
}

Example

export async function action({ request }: ActionFunctionArgs) {
  let formData = await request.formData()
  await csrf.validate(formData, request.headers);
  // the request is authenticated and you can do anything here
}

Example

export async function action({ request }: ActionFunctionArgs) {
  let formData = await parseMultipartFormData(request);
  await csrf.validate(formData, request.headers);
  // the request is authenticated and you can do anything here
}

validate(data: FormData, headers: Headers): Promise<void>

Verify if a request and cookie has a valid CSRF token.

Parameters

data: FormData
headers: Headers

Returns Promise<void>

Example

export async function action({ request }: ActionFunctionArgs) {
  await csrf.validate(request);
  // the request is authenticated and you can do anything here
}

Example

export async function action({ request }: ActionFunctionArgs) {
  let formData = await request.formData()
  await csrf.validate(formData, request.headers);
  // the request is authenticated and you can do anything here
}

Example

export async function action({ request }: ActionFunctionArgs) {
  let formData = await parseMultipartFormData(request);
  await csrf.validate(formData, request.headers);
  // the request is authenticated and you can do anything here
}

Class CSRF

Index

Constructors

Methods

Constructors

constructor

Parameters

Returns CSRF

Methods

commitToken

Parameters

Returns Promise<readonly [string, null | string]>

Example

generate

Parameters

Returns string

getToken

Parameters

Returns Promise<string>

validate

Parameters

Returns Promise<void>

Example

Example

Example

Parameters

Returns Promise<void>

Example

Example

Example

Settings

On This Page