The web can be a dangerous place, and, as developers, we have to be aware of vulnerabilities and do our best to protect our applications against malicious actors. One of the most common vulnerabilities on the web is the Cross-Site Request Forgery (CSRF) attack, in which an attacker's page tricks a logged-in user's browser into sending a state-changing request (a transfer, a password change, a purchase) to our site, with the user's session cookie attached automatically.

This type of attack can be prevented through the use of CSRF tokens: unique, unpredictable values generated by the server-side application, embedded in each form it serves to the client, and checked again when the form is submitted. Because an attacker's page cannot read our pages (the browser's same-origin policy stops it), it cannot learn the token, so the server gains a second check, beyond the session cookie, that the submission really came from a form it issued. Throughout this lesson, we will be looking at how to protect a web form on a Node.js/Express server using the csurf library. Note that csurf has since been marked deprecated on npm; the synchronizer-token pattern it implements is unchanged and is what matters here, but check the package's current status before adopting it in a new project.

View the diagram to refresh yourself on how CSRF tokens work to mitigate CSRF attacks. An attacker can still cause the browser to send the request, but without a valid token the server rejects it before any state changes!
