csurf is an open-source library for implementing CSRF protection for Node.js. The module is maintained by the Express.js team and provides middleware functions to help our web application send and process CSRF tokens with web requests.
The CSRF module can be installed from the npm registry and installed using the terminal command:
In the workspace, we have the code for a web application with an insecure web form. There are no security measures in place, leaving the web page vulnerable to CSRF exploitations. Throughout the rest of the lesson, we will be hardening (improving the security of) the webform by implementing CSRF tokens on the form.
Instructions
Use the require() function to include csurf in the app.js file.
Name the variable csurf.
Press the Check Work button to check your work.