
Commit 3c934fd

author
Pratik Das
committed
added code
1 parent 406a57d commit 3c934fd

5 files changed

Lines changed: 80 additions & 0 deletions


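--- a/cors/README.md
+++ b/cors/README.md
@@ -0,0 +1,3 @@
+# Related Blog Posts
+
+* [Complete guide to CORS](https://reflectoring.io/complete-guide-to-cors/)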

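--- a/csrf/README.md
+++ b/csrf/README.md
@@ -0,0 +1,3 @@
+# Related Blog Posts
+
+* [Complete guide to CSRF](https://reflectoring.io/complete-guide-to-csrf/)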

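--- a/csrf/index.js
+++ b/csrf/index.js
@@ -0,0 +1,28 @@
+const express = require('express');
+const csrf = require('csurf');
+const cookieParser = require('cookie-parser');
+
+var csrfProtection = csrf({ cookie: true });
+var parseForm = express.urlencoded({ extended: false });
+
+var app = express();
+app.set('view engine','ejs')
+
+app.use(cookieParser());
+
+app.get('/transfer', csrfProtection, function (req, res) {
+// pass the csrfToken to the view
+res.render('transfer', { csrfToken: req.csrfToken() });
+});
+
+app.post('/process', parseForm,
+csrfProtection, function (req, res) {
+res.send('Transfer Successful!!');
+});
+
+app.listen(3000, (err) => {
+if (err) console.log(err);
+console.log('Server listening on 3000');
+}
+);
+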
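Review bot: `csrf({ cookie: true })` on line 5 stores the CSRF secret in a cookie with csurf's default attributes, which as far as I recall set only the name and path, so the secret cookie travels over plain HTTP and carries no SameSite restriction; for a transfer endpoint pass the attributes explicitly, `csrf({ cookie: { httpOnly: true, sameSite: 'strict', secure: true } })`, and note in a comment that this is the double-submit pattern, whose secret cookie anyone who can set cookies for the site (e.g. a sibling subdomain) could plant unless the cookie is signed or the secret is kept server-side in a session. csurf itself has been archived by the Express maintainers, so the README would benefit from a caveat that `^1.11.0` will not receive fixes and that a maintained library or session-bound tokens should be used outside a demo. Separately, the `/process` handler on lines 18-21 reads `amount` and `account` from the form without any validation before reporting success, and the listen callback on line 24 logs a bind error but lets the process keep running; `if (err) { console.error(err); process.exit(1); }` would be the usual shape.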

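--- a/csrf/package.json
+++ b/csrf/package.json
@@ -0,0 +1,23 @@
+{
+"name": "csrfapp",
+"version": "1.0.0",
+"description": "CSRF mitigation example",
+"main": "index.js",
+"scripts": {
+"test": "echo \"Error: no test specified\" && exit 1"
+},
+"keywords": [
+"csrf"
+],
+"author": "Pratik Das",
+"license": "ISC",
+"dependencies": {
+"body-parser": "^1.19.0",
+"cookie-parser": "^1.4.5",
+"cookie-session": "^1.4.0",
+"csurf": "^1.11.0",
+"ejs": "^3.1.6",
+"express": "^4.17.1",
+"pug": "^3.0.2"
+}
+}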
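Review bot: `body-parser`, `cookie-session` and `pug` are declared in the dependencies block but nothing in csrf/index.js requires them (it uses `express.urlencoded`, `cookie-parser` and `ejs`), so each one is install-time supply-chain surface with no benefit; drop the three entries or record why they are kept. The commit adds caret ranges without a package-lock.json among its five files, so `npm install` is not reproducible across machines; committing a lockfile and installing with `npm ci` would pin what actually ran. The `test` script still exits 1 with the placeholder message, which is fine for a demo but worth replacing once the endpoint has any behaviour to check.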

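--- a/csrf/views/transfer.ejs
+++ b/csrf/views/transfer.ejs
@@ -0,0 +1,23 @@
+<html>
+<head>
+<title>CSRF Token Demo</title>
+</head>
+<body>
+<form action="process" method="POST">
+<input type="hidden" name="_csrf" value="<%= csrfToken %>">
+<div>
+<label>Amount:</label><input type="text" name="amount">
+</div>
+<br/>
+<div>
+<label>Transfer To:</label><input type="text" name="account">
+</div>
+<br/>
+<div>
+<input type="submit" value="Transfer">
+</div>
+</form>
+</body>
+</html>
+
+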
