An electrode plugin that enables stateless CSRF protection using JWT in Electrode, Express, Hapi, or Koa 2 applications. CSRF protection is an important security feature, but in systems which don't have backend session persistence, validation is tricky. Stateless CSRF support addresses this need. CSRF attacks can be bad when a malicious script can make a request that can perform harmful operations through the user (victim)'s browser, attaching user-specific and sensitive data in the cookies. For use with XMLHttpRequest and fetch, we extend the technique by using two JWT tokens for validation. One token in the cookies and the other in the HTTP headers. Since XSS cannot set HTTP headers also, it strengthens the security further.

Features

  • Double JWT CSRF tokens
  • Browser Integration
  • Serverside Integration
  • Full demo
  • Documentation available
  • Examples available

Project Samples

Electrode Stateless CSRF Screenshot 1

Project Activity

See All Activity >

Categories

Frameworks

License

Apache License V2.0

Follow Electrode Stateless CSRF

Electrode Stateless CSRF Web Site

Other Useful Business Software
Enterprise-grade ITSM, for every business Icon
Enterprise-grade ITSM, for every business

Give your IT, operations, and business teams the ability to deliver exceptional services—without the complexity.

Freshservice is an intuitive, AI-powered platform that helps IT, operations, and business teams deliver exceptional service without the usual complexity. Automate repetitive tasks, resolve issues faster, and provide seamless support across the organization. From managing incidents and assets to driving smarter decisions, Freshservice makes it easy to stay efficient and scale with confidence.
Try it Free
Rate This Project
Login To Rate This Project

User Reviews

Be the first to post a review of Electrode Stateless CSRF!

Additional Project Details

Programming Language

JavaScript

Related Categories

JavaScript Frameworks

Registered

2024-01-11
Report inappropriate content