Class CSRF

Constructors

constructor

Methods

commitToken generate getToken validate

Constructors

constructor

Methods

commitToken

  • commitToken(
        requestOrHeaders?: Request | Headers,
        bytes?: number,
    ): Promise<readonly [string, null | string]>

  • Generates a token and serialize it into the cookie.

    Parameters

    • requestOrHeaders: Request | Headers = ...

      A request or headers object from which we can get the cookie to get the existing token.

    • bytes: number = 32

      The number of bytes used to generate the token

    Returns Promise<readonly [string, null | string]>

    A tuple with the token and the string to send in Set-Cookie If there's already a csrf value in the cookie then the token will be the same and the cookie will be null.

    Example

    let [token, cookie] = await csrf.commitToken(request);
    return json({ token }, {
      headers: { "set-cookie": cookie }
    })

generate

  • generate(bytes?: number): string

  • Generates a random string in Base64URL to be used as an authenticity token for CSRF protection.

    Parameters

    • bytes: number = 32

      The number of bytes used to generate the token

    Returns string

    A random string in Base64URL

getToken

  • getToken(requestOrHeaders?: Request | Headers, bytes?: number): Promise<string>

  • Get the existing token from the cookie or generate a new one if it doesn't exist.

    Parameters

    • requestOrHeaders: Request | Headers = ...

      A request or headers object from which we can get the cookie to get the existing token.

    • bytes: number = 32

      The number of bytes used to generate the token.

    Returns Promise<string>

    The existing token if it exists in the cookie, otherwise a new token.

validate

  • validate(data: Request): Promise<void>

  • Verify if a request and cookie has a valid CSRF token.

    Parameters

    Returns Promise<void>

    Example

    export async function action({ request }: ActionFunctionArgs) {
      await csrf.validate(request);
      // the request is authenticated and you can do anything here
    }

    Example

    export async function action({ request }: ActionFunctionArgs) {
      let formData = await request.formData()
      await csrf.validate(formData, request.headers);
      // the request is authenticated and you can do anything here
    }

    Example

    export async function action({ request }: ActionFunctionArgs) {
      let formData = await parseMultipartFormData(request);
      await csrf.validate(formData, request.headers);
      // the request is authenticated and you can do anything here
    }
  • validate(data: FormData, headers: Headers): Promise<void>

  • Verify if a request and cookie has a valid CSRF token.

    Parameters

    Returns Promise<void>

    Example

    export async function action({ request }: ActionFunctionArgs) {
      await csrf.validate(request);
      // the request is authenticated and you can do anything here
    }

    Example

    export async function action({ request }: ActionFunctionArgs) {
      let formData = await request.formData()
      await csrf.validate(formData, request.headers);
      // the request is authenticated and you can do anything here
    }

    Example

    export async function action({ request }: ActionFunctionArgs) {
      let formData = await parseMultipartFormData(request);
      await csrf.validate(formData, request.headers);
      // the request is authenticated and you can do anything here
    }

Settings

Member Visibility

On This Page

Constructors
Methods