author | Matt Strapp <matt@mattstrapp.net> | 2022-02-10 14:37:15 -0600 |
---|---|---|
committer | Matt Strapp <matt@mattstrapp.net> | 2022-02-10 14:37:15 -0600 |
commit | 160e299631c5a1741e93cfb0681c9218b5898d34 (patch) | |
tree | 1c8dff154d86dab60385c109d0bbb7dd0bb595a0 /src | |
parent | Merge pull request #5 from RosstheRoss/dependabot/npm_and_yarn/express-rate-l... (diff) | |
Add CSRF cookie and make it somewhat secure
Signed-off-by: Matt Strapp <matt@mattstrapp.net>
Diffstat (limited to 'src')
-rw-r--r-- | src/index.ts | 7 |
1 files changed, 5 insertions, 2 deletions
diff --git a/src/index.ts b/src/index.ts
index e396151..a456313 100644
--- a/src/index.ts
+++ b/src/index.ts
@@ -6,15 +6,18 @@ import path from 'path';
 import { env } from 'process';
 import helmet from 'helmet';
 import csurf from 'csurf';
+import cookieParser from 'cookie-parser';
+import { randomBytes } from 'crypto';
 const app = express();
 // Middleware
 const port: string = env.PORT || '2000';
-const csrf = csurf({ cookie: false });
+app.use(cookieParser());
+const csrf = csurf({ cookie: true });
 app.use(session({
- secret: 'keyboard cat',
+ secret: randomBytes(50).toString('base64'),
 resave: false,
 saveUninitialized: true,
 cookie: { |
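Review bot: `csurf({ cookie: true })` stores the CSRF secret in a `_csrf` cookie created with csurf's default options, so it is not marked `httpOnly`, `secure` or `sameSite`; since the session middleware is already in place, the previous session-backed mode kept that secret server-side. If cookie mode is intended, pass the options explicitly, e.g. `const csrf = csurf({ cookie: { httpOnly: true, sameSite: 'strict', secure: true } });` (`secure` assumes the app is only served over HTTPS). Separately, `secret: randomBytes(50).toString('base64')` is regenerated at every process start, which invalidates all sessions on restart and cannot work across more than one instance; reading it from the environment with the random value as a fallback, `secret: env.SESSION_SECRET ?? randomBytes(50).toString('base64'),` (the variable name is an example), keeps it stable. The `session({ ... })` call continues past the end of the hunk, so its cookie settings are not visible here.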