aboutsummaryrefslogtreecommitdiffstats
path: root/src
diff options
context:
space:
mode:
authorMatt Strapp <matt@mattstrapp.net>2022-02-10 14:37:15 -0600
committerMatt Strapp <matt@mattstrapp.net>2022-02-10 14:37:15 -0600
commit160e299631c5a1741e93cfb0681c9218b5898d34 (patch)
tree1c8dff154d86dab60385c109d0bbb7dd0bb595a0 /src
parentMerge pull request #5 from RosstheRoss/dependabot/npm_and_yarn/express-rate-l... (diff)
downloadee4511w-web-160e299631c5a1741e93cfb0681c9218b5898d34.tar
ee4511w-web-160e299631c5a1741e93cfb0681c9218b5898d34.tar.gz
ee4511w-web-160e299631c5a1741e93cfb0681c9218b5898d34.tar.bz2
ee4511w-web-160e299631c5a1741e93cfb0681c9218b5898d34.tar.lz
ee4511w-web-160e299631c5a1741e93cfb0681c9218b5898d34.tar.xz
ee4511w-web-160e299631c5a1741e93cfb0681c9218b5898d34.tar.zst
ee4511w-web-160e299631c5a1741e93cfb0681c9218b5898d34.zip
Add CSRF cookie and make it somewhat secure
Signed-off-by: Matt Strapp <matt@mattstrapp.net>
Diffstat (limited to 'src')
-rw-r--r--src/index.ts7
1 files changed, 5 insertions, 2 deletions
diff --git a/src/index.ts b/src/index.ts
index e396151..a456313 100644
--- a/src/index.ts
+++ b/src/index.ts
@@ -6,15 +6,18 @@ import path from 'path';
import { env } from 'process';
import helmet from 'helmet';
import csurf from 'csurf';
+import cookieParser from 'cookie-parser';
+import { randomBytes } from 'crypto';
const app = express();
// Middleware
const port: string = env.PORT || '2000';
-const csrf = csurf({ cookie: false });
+app.use(cookieParser());
+const csrf = csurf({ cookie: true });
app.use(session({
- secret: 'keyboard cat',
+ secret: randomBytes(50).toString('base64'),
resave: false,
saveUninitialized: true,
cookie: {
generated by cgit v1.2.3 (git 2.39.1) at 2024-09-19 17:04:10 +0000