Avoid Setting Up Common CSRF Pitfalls in Your Code

express makes it easy to implement CSRF protections, but there are some pitfalls with using express and existing middleware. In this section, we look at three such issues.

The first issue is the methodOverride middleware in express, which lets you implement or modify the application’s RESTful behavior. For example, by adding a _method parameter you can send a DELETE request with a body, or use a simple HTML form to issue a PUT request. Unfortunately, this middleware interferes with CSRF protection.

The standard practice in most CSRF prevention methods is to skip the check for the GET, OPTIONS, and HEAD request methods: a GET request should only retrieve information and should never modify data. However, ...
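To make the interaction concrete, here is an added example (not from the book, and not the real `method-override` or `csurf` packages) that models an express-style middleware chain with simplified stand-ins. It assumes the pitfall is the usual ordering one: when the CSRF check runs before the method override, a GET carrying `_method=DELETE` is skipped by the check and then rewritten into a state-changing DELETE.

```javascript
// Minimal model of an express-style chain: each middleware calls next() to
// continue. Returns the response object so the outcome can be inspected.
function runChain(req, middlewares, handler) {
  const res = { status: 200, body: null };
  let i = 0;
  const next = () => {
    if (i < middlewares.length) middlewares[i++](req, res, next);
    else handler(req, res);
  };
  next();
  return res;
}

// Stand-in for methodOverride: rewrites req.method from a `_method`
// query parameter, the behaviour described in the text.
function methodOverride(req, res, next) {
  if (req.query && req.query._method) req.method = String(req.query._method).toUpperCase();
  next();
}

// Stand-in for a CSRF check: GET/HEAD/OPTIONS are not checked (standard
// practice); every other method must carry the session's token.
function csrfCheck(req, res, next) {
  const safe = ['GET', 'HEAD', 'OPTIONS'];
  const tokenOk = typeof req.body._csrf === 'string' && req.body._csrf === req.session.csrfToken;
  if (safe.includes(req.method) || tokenOk) return next();
  res.status = 403;
  res.body = 'invalid csrf token';
}

// Route handler that performs a state change only on DELETE.
function deleteItem(req, res) {
  if (req.method === 'DELETE') { req.session.items = 0; res.body = 'deleted'; }
  else res.body = 'read only';
}

// Constructed request: a plain GET with no CSRF token but a `_method` override.
function makeRequest() {
  return { method: 'GET', query: { _method: 'DELETE' }, body: {},
           session: { csrfToken: 'constructed-token', items: 1 } };
}

// Weak order: the CSRF check sees a GET and skips it; the override then turns
// the request into a DELETE and the handler runs without any token.
function weakOrder() { return runChain(makeRequest(), [csrfCheck, methodOverride], deleteItem); }

// Corrected order: the override runs first, so the CSRF check sees DELETE and
// rejects the request because no valid token was supplied.
function fixedOrder() { return runChain(makeRequest(), [methodOverride, csrfCheck], deleteItem); }
```

The same rule applies to the real packages: register the method-override middleware before the CSRF middleware so the check sees the effective method.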

Get Secure Your Node.js Web Application now with the O’Reilly learning platform.
