An electrode plugin that enables stateless CSRF protection using JWT in Electrode, Express, Hapi, or Koa 2 applications. CSRF protection is an important security feature, but in systems which don't have backend session persistence, validation is tricky. Stateless CSRF support addresses this need. CSRF attacks can be bad when a malicious script can make a request that can perform harmful operations through the user (victim)'s browser, attaching user-specific and sensitive data in the cookies. For use with XMLHttpRequest and fetch, we extend the technique by using two JWT tokens for validation. One token in the cookies and the other in the HTTP headers. Since XSS cannot set HTTP headers also, it strengthens the security further.

Features

  • Double JWT CSRF tokens
  • Browser Integration
  • Serverside Integration
  • Full demo
  • Documentation available
  • Examples available

Project Samples

Project Activity

See All Activity >

Categories

Frameworks

License

Apache License V2.0

Follow Electrode Stateless CSRF

Electrode Stateless CSRF Web Site

Other Useful Business Software
Our Free Plans just got better! | Auth0 Icon
Our Free Plans just got better! | Auth0

With up to 25k MAUs and unlimited Okta connections, our Free Plan lets you focus on what you do best—building great apps.

You asked, we delivered! Auth0 is excited to expand our Free and Paid plans to include more options so you can focus on building, deploying, and scaling applications without having to worry about your security. Auth0 now, thank yourself later.
Try free now
Rate This Project
Login To Rate This Project

User Reviews

Be the first to post a review of Electrode Stateless CSRF!

Additional Project Details

Programming Language

JavaScript

Related Categories

JavaScript Frameworks

Registered

2024-01-11