@JhonatanHern
Created June 21, 2018 19:57
Prevention of CSRF attacks. Module intended to be used with express.js
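const url = require('url')

// Returns true when the hostname in the request's Referer or Origin header
// matches domainName (or a local development host), false otherwise.
// Only the hostname is compared; scheme and port are ignored.
module.exports = (request, domainName) => {
  // Request headers are not logged here: they include Cookie and Authorization values.
  if (request.headers.referer) {
    const parsedURL = url.parse(request.headers.referer)
    return parsedURL.hostname === domainName ||
      parsedURL.hostname === '127.0.0.1' ||
      parsedURL.hostname === 'localhost'
  }
  if (request.headers.origin) {
    const parsedURL = url.parse(request.headers.origin)
    return parsedURL.hostname === domainName ||
      parsedURL.hostname === '127.0.0.1' ||
      parsedURL.hostname === 'localhost'
  }
  // Neither header is present: the request is allowed.
  return true
}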
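A stricter variant of the check above, as an added example that is not the gist author's code: it compares the full origin (scheme, host and port) against an allow-list, prefers Origin over Referer, and rejects state-changing requests that carry neither header. The function names, the allow-list parameter and the `app.example.test` origin are assumptions, as is treating GET, HEAD and OPTIONS as read-only.

```javascript
// Added example, not the gist author's code; all names here are hypothetical.
const SAFE_METHODS = new Set(['GET', 'HEAD', 'OPTIONS']) // assumed read-only

// Reduce an Origin or Referer value to "scheme://host[:port]".
// Returns null for missing, malformed or opaque ("null") values.
function toOrigin (headerValue) {
  if (typeof headerValue !== 'string') return null
  try {
    const origin = new URL(headerValue).origin
    return origin === 'null' ? null : origin
  } catch (err) {
    return null
  }
}

// allowedOrigins: array of full origins, e.g. ['https://app.example.test'].
function isSameOriginRequest (request, allowedOrigins) {
  if (SAFE_METHODS.has(String(request.method).toUpperCase())) return true
  const headers = request.headers || {}
  // Origin wins when present; Referer is only a fallback when Origin is absent.
  const raw = headers.origin !== undefined ? headers.origin : headers.referer
  const source = toOrigin(raw)
  // Fail closed: without a usable source header the request is rejected.
  return source !== null && allowedOrigins.includes(source)
}

// Express-style middleware wrapper: (req, res, next).
function csrfOriginGuard (allowedOrigins) {
  return (req, res, next) => {
    if (isSameOriginRequest(req, allowedOrigins)) return next()
    res.statusCode = 403
    res.end('Forbidden')
  }
}

// Constructed sample requests (not captured traffic).
const ALLOWED = ['https://app.example.test']
const samples = [
  { method: 'POST', headers: { origin: 'https://app.example.test' } },
  { method: 'POST', headers: { referer: 'https://app.example.test/form?x=1' } },
  { method: 'POST', headers: { origin: 'http://app.example.test:8080' } },
  { method: 'POST', headers: { origin: 'null', referer: 'https://app.example.test/' } },
  { method: 'POST', headers: {} }
]
for (const s of samples) console.log(s.headers, isSameOriginRequest(s, ALLOWED))
```

Local development hosts are accepted only if they are listed explicitly, for example `['https://app.example.test', 'http://localhost:3000']`.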