CSRF

ThinkJS provides a middleware to handle CSRF, but it's off by default.

Turn CSRF On

Modify src/common/config/hook.js like this:

export default {
  logic_before: ['prepend', 'csrf']
}

Configure

The default configure of CSRF is as following, you can modify them in src/common/config/csrf.js:

export default {
  session_name: '__CSRF__', // Token value saved in session
  form_name: '__CSRF__', // CSRF key name, we can get value by this key and check the value
  errno: 400, //error number
  errmsg: 'token error' // error message
};
Documentation Links:https://github.com/thinkjs/en.thinkjs.org/edit/master/view/2.1/csrf.md
Links
75team Blog w3ctech welefen
Projects
75team Weekly Firekylin
Language
English
Chinese
Contribution
GitHub Issues
Contacts
GitHub Twitter Facebook

@2013 - 2024 ThinkJS Team