CSRF Protection
Cross-site request forgery (also known as CSRF or XSRF) is a type of malicious exploit of a website where unauthorized commands are transmitted from a user that the web application trusts. To mitigate this kind of attack you can use the csurf package.
Use with Express (default)
Start by installing the required package:
Warning: As explained on the csurf middleware page, the csurf module requires either session middleware or cookie-parser to be initialized first. Please see that documentation for further instructions.
Once the installation is complete, apply the csurf middleware as global middleware.
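Why the ordering in the warning above matters, as an added example that is not code from the original page or from the csurf project: `cookieParser`, `csrfProtection` and `handle` are hypothetical, simplified stand-ins (a plain double-submit cookie check run against constructed request objects). The sketch shows the CSRF check failing as misconfigured when no cookie parser ran before it, and rejecting state-changing requests that do not echo the token.

```javascript
// Simplified stand-ins (hypothetical names), not csurf's implementation.
// Web Crypto global (Node 19+); older Node falls back to the built-in module.
const rng = globalThis.crypto ?? require('node:crypto').webcrypto;

function cookieParser(req, res, next) {
  req.cookies = {};
  for (const pair of (req.headers.cookie || '').split(';')) {
    const i = pair.indexOf('=');
    if (i > 0) req.cookies[pair.slice(0, i).trim()] = pair.slice(i + 1).trim();
  }
  next();
}

// Compare without returning early on the first differing character.
function sameToken(a, b) {
  if (typeof a !== 'string' || typeof b !== 'string' || a.length !== b.length) return false;
  let diff = 0;
  for (let i = 0; i < a.length; i++) diff |= a.charCodeAt(i) ^ b.charCodeAt(i);
  return diff === 0;
}

function csrfProtection(req, res, next) {
  // Without a cookie parser earlier in the chain there is no token to read.
  if (!req.cookies) return next(new Error('misconfigured csrf: cookie parser must run first'));
  let token = req.cookies._csrf;
  if (!token) {
    token = rng.randomUUID();
    res.cookies._csrf = token; // constructed response; a real app sends Set-Cookie
  }
  req.csrfToken = () => token;
  // Safe methods only receive a token; state-changing methods must echo it.
  if (['GET', 'HEAD', 'OPTIONS'].includes(req.method)) return next();
  if (sameToken(req.headers['x-csrf-token'], token)) return next();
  const err = new Error('invalid csrf token');
  err.status = 403;
  next(err);
}

// Minimal dispatcher: run the chain in order, stop at the first error.
function handle(chain, req) {
  const res = { cookies: {}, status: 200 };
  let error = null, i = 0;
  const next = (err) => {
    if (err) { error = err.message; res.status = err.status || 500; return; }
    if (i < chain.length) chain[i++](req, res, next);
  };
  next();
  return { status: res.status, error, token: req.csrfToken?.(), setCookie: res.cookies._csrf };
}
```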
Use with Fastify
Start by installing the required package:
Once the installation is complete, register the fastify-csrf plugin, as follows: