csurf is an open-source library for implementing CSRF protection for Node.js. The module is maintained by the Express.js team and provides middleware functions to help our web application send and process CSRF tokens with web requests.

The CSRF module can be installed from the npm registry and installed using the terminal command:

npm install csurf

In the workspace, we have the code for a web application with an insecure web form. There are no security measures in place, leaving the web page vulnerable to CSRF exploitations. Throughout the rest of the lesson, we will be hardening (improving the security of) the webform by implementing CSRF tokens on the form.



Use the require() function to include csurf in the app.js file.

Name the variable csurf.

Press the Check Work button to check your work.

Sign up to start coding

Mini Info Outline Icon
By signing up for Codecademy, you agree to Codecademy's Terms of Service & Privacy Policy.

Or sign up using:

Already have an account?