csurf module stores CSRF tokens within a cookie or in session. This requires either a session or cookie parser to be initialized first. If you are unable to store secrets securely on the server, it is preferred to store the CSRF token using a cookie. Throughout the lesson, we will store our CSRF token inside a cookie.
cookie-parser is a module that is maintained by the Express.js team. The module can also be installed from the npm registry. The module can be included in the application using
const cookieParser = require('cookie-parser');
The Express application must be configured to use the cookie parser before the
csurf module. Enable the cookie parser module in the application to work at the application level by including the following line early in the application code.
csurfcan alternatively store the CSRF token value within a session. However, session management must be set up using
cookie-parser module in app.js inside a variable named
Press the Check Work button to check your work after each checkpoint.
Configure the app to use the
cookieParser() middleware at the application level using