From 160e299631c5a1741e93cfb0681c9218b5898d34 Mon Sep 17 00:00:00 2001
From: Matt Strapp
Date: Thu, 10 Feb 2022 14:37:15 -0600
Subject: Add CSRF cookie and make it somewhat secure
Signed-off-by: Matt Strapp
---
 src/index.ts | 7 +++++--
 1 file changed, 5 insertions(+), 2 deletions(-)
(limited to 'src/index.ts')
diff --git a/src/index.ts b/src/index.ts
index e396151..a456313 100644
--- a/src/index.ts
+++ b/src/index.ts
@@ -6,15 +6,18 @@ import path from 'path';
 import { env } from 'process';
 import helmet from 'helmet';
 import csurf from 'csurf';
+import cookieParser from 'cookie-parser';
+import { randomBytes } from 'crypto';
 const app = express();
 // Middleware
 const port: string = env.PORT || '2000';
-const csrf = csurf({ cookie: false });
+app.use(cookieParser());
+const csrf = csurf({ cookie: true });
 app.use(session({
- secret: 'keyboard cat',
+ secret: randomBytes(50).toString('base64'),
 resave: false,
 saveUninitialized: true,
 cookie: {
-- cgit v1.2.3
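Review bot: `csurf({ cookie: true })` moves the CSRF secret out of the server-side session into a `_csrf` cookie created with csurf's default attributes, and nothing in the hunk sets `httpOnly`, `sameSite` or `secure` on it. Since express-session is already mounted, either keep `cookie: false` or pass the attributes explicitly, e.g. `const csrf = csurf({ cookie: { httpOnly: true, sameSite: 'strict', secure: true } });`, relaxing `secure` only for plain-HTTP development. Separately, `secret: randomBytes(50).toString('base64')` is regenerated at every process start, which invalidates all existing sessions on restart and prevents several instances from sharing sessions. Reading it from configuration, e.g. `secret: env.SESSION_SECRET ?? randomBytes(50).toString('base64'),` (the variable name is a suggestion), keeps the hard-coded value gone without that side effect. The `session({ ... })` options object continues past the end of the hunk, so the session cookie's own attributes cannot be checked from here.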