After including the dependencies for csurf, we can declare a variable named csrfMiddleware and create an instance of csurf.

When instantiating csurf we provide options to the cookie in order to configure the module to store the CSRF token secret in a cookie. For the module to work in the Codecademy environment, we must set the sameSite property equal to 'none'.

const csrfMiddleware = csurf ({ cookie: { maxAge: 300000000, secure: true, sameSite: 'none' } });

Additional options for the csurf instance can be viewed on the documentation page.

csrfMiddleware() can be configured at the router level using app.use() to call the middleware function for every request to the server with the following line in app.js:


If you’d like to run the application, type node app.js into the bash Terminal and then refresh the mini browser.



Create a csurf middleware function with the name csrfMiddleware().

Pass an object into csurf() and add a property named cookie.

Inside of cookie, set the maxAge property to 300000000.

Press the Check Work button to check your work after each checkpoint.


Add another property named secure and set it to true.


Add another key named sameSite and set it to 'none'.


Set the csrfMiddleware() to be called at the router level using app.use().

Sign up to start coding

Mini Info Outline Icon
By signing up for Codecademy, you agree to Codecademy's Terms of Service & Privacy Policy.

Or sign up using:

Already have an account?