tadeaspetak/fullstack-security-csrf.ts

## fullstack-security-csrf.ts
// when serving your app
res.cookie("xCsrfToken", generateToken(), { maxAge: 1000 * 3600, sameSite: "strict" });

// on the client
fetch(url, {
  headers: {
    "content-type": "application/json",
    "x-csrf-token": getCookie("xCsrfToken") ?? "",
  },
});

// in your sensitive endpoints
if (!req.headers["x-csrf-token"] || req.headers["x-csrf-token"] !== req.cookies["xCsrfToken"]) {
  return res.status(400).json({ message: "Invalid CSRF token." });
}
	// when serving your app
	res.cookie("xCsrfToken", generateToken(), { maxAge: 1000 * 3600, sameSite: "strict" });

	// on the client
	fetch(url, {
	headers: {
	"content-type": "application/json",
	"x-csrf-token": getCookie("xCsrfToken") ?? "",
	},
	});

	// in your sensitive endpoints
	if (!req.headers["x-csrf-token"] \|\| req.headers["x-csrf-token"] !== req.cookies["xCsrfToken"]) {
	return res.status(400).json({ message: "Invalid CSRF token." });
	}