Implementing Csurf Middleware in Node.js Last Updated : 29 Feb, 2024 Comments Improve Suggest changes Like Article Like Report Csurf middleware in Node.js prevents the Cross-Site Request Forgery(CSRF) attack on an application. By using this module, when a browser renders up a page from the server, it sends a randomly generated string as a CSRF token. Therefore, when the POST request is performed, it will send the random CSRF token as a cookie. The token sent will be different for each request since they are generated randomly. Steps to set up the Application and Installing Required Modules Step 1: First, we need to initialize our application with a package.json file. Therefore, write the following command in the terminal: npm initStep 2: After the package.json is created, it's time to install our dependencies. Therefore, Install the required dependencies by the following command: npm install body-parser cookie-parser express csurf --saveHere, Cookie-parser is used to parse the incoming cookies. Body-parser is used to parse the incoming form data that we will be creating in an HTML file.Updated dependencies in the package.json file. "dependencies": { "body-parser": "^1.20.2", "cookie-parser": "^1.4.6", "csurf": "^1.11.0", "express": "^4.18.2"}Steps to Implement Csurf Middleware in NodeJS:Step 1: Create a file named app.js and import the required Modules. const express = require('express');const csrf = require('csurf');const cookieParser = require('cookie-parser');const bodyParser = require('body-parser');Here, csrf will act as a middleware for generating and validating CSRF cookies. This middleware will add a function for generating cookies. This function will be passed to requests through a hidden form field. This created cookie will be then validated when the users send requests. The middleware populates req.csrfToken(). Step 2: After Importing all the required modules, set up the route middleware and pass the validation method as a cookie instead of a token. Body-parser is used to parse the data coming from the form. Since a cookie is used as the validation method, therefore, cookie-parser is used. Now, in the GET request, we are rendering the passed cookie value to the view. In the POST request, we are first validating the cookie and if validated, then we are sending a message. Step 3: Now, create a folder and named as view and create a file and name it login.ejs, and create a simple form as given below: <form action="process" method="POST"> <input type="hidden" name="_csrf" value="<%= csrfToken %>"> <input type="text" name="myname"> <input type="submit" value="Submit"></form>The above code example will run just as a simple application but there will be an added extra security measure for preventing CSRF. Csurf Middleware Complete Example:This example demonstrate a basic implementation of Csurf Middleware in Node.js. HTML <!-- Filename - login.ejs --> <html> <head> <title>Csurf Middleware</title> </head> <body> <form action="process" method="POST"> <input type="hidden" name="_csrf" value="<%= csrfToken %>"> <input type="text" name="myname"> <input type="submit" value="Submit"> </form> </body> </html> JavaScript // Filename - app.js const express = require('express'); const csrf = require('csurf'); const cookieParser = require('cookie-parser'); const bodyParser = require('body-parser'); let csrfProtection = csrf({ cookie: true }); let parseForm = bodyParser.urlencoded({ extended: false }); let app = express(); app.set('view engine', 'ejs') app.use(cookieParser()); app.get('/form', csrfProtection, function (req, res) { // pass the csrfToken to the view res.render('login', { csrfToken: req.csrfToken() }); }); app.post('/process', parseForm, csrfProtection, function (req, res) { res.send('Successfully Validated!!'); }); app.listen(3000, (err) => { if (err) console.log(err); console.log('Server Running'); }); Steps to run this program: Run the app.js file with the following command: node app.jsOpen the browser and go to http://localhost:3000/form, then you will see the form with an input field as shown below: After submitting the form, you will see the following output: Successfully Validated!!Conclusion: Implementing csurf middleware in Node.js strengthens security by guarding against Cross-Site Request Forgery attacks. By generating and validating tokens, it protects sensitive user data, ensuring a robust defense. This proactive measure bolsters overall application integrity, providing a reliable shield against potential security vulnerabilities and unauthorized requests. Comment More infoAdvertise with us Next Article NodeJS Introduction P pranjal_srivastava Follow Improve Article Tags : Node.js Node.js-Misc EJS-Templating Language Similar Reads Node.js Tutorial Node.js is a powerful, open-source, and cross-platform JavaScript runtime environment built on Chrome's V8 engine. It allows you to run JavaScript code outside the browser, making it ideal for building scalable server-side and networking applications.JavaScript was mainly used for frontend developme 4 min read Introduction & Installation NodeJS IntroductionNodeJS is a runtime environment for executing JavaScript outside the browser, built on the V8 JavaScript engine. It enables server-side development, supports asynchronous, event-driven programming, and efficiently handles scalable network applications. NodeJS is single-threaded, utilizing an event l 5 min read Node.js Roadmap: A Complete GuideNode.js has become one of the most popular technologies for building modern web applications. It allows developers to use JavaScript on the server side, making it easy to create fast, scalable, and efficient applications. Whether you want to build APIs, real-time applications, or full-stack web apps 6 min read How to Install Node.js on LinuxInstalling Node.js on a Linux-based operating system can vary slightly depending on your distribution. This guide will walk you through various methods to install Node.js and npm (Node Package Manager) on Linux, whether using Ubuntu, Debian, or other distributions.PrerequisitesA Linux System: such a 6 min read How to Install Node.js on WindowsInstalling Node.js on Windows is a straightforward process, but it's essential to follow the right steps to ensure smooth setup and proper functioning of Node Package Manager (NPM), which is crucial for managing dependencies and packages. This guide will walk you through the official site, NVM, Wind 6 min read How to Install NodeJS on MacOSNode.js is a popular JavaScript runtime used for building server-side applications. It’s cross-platform and works seamlessly on macOS, Windows, and Linux systems. In this article, we'll guide you through the process of installing Node.js on your macOS system.What is Node.jsNode.js is an open-source, 6 min read Node.js vs Browser - Top Differences That Every Developer Should KnowNode.js and Web browsers are two different but interrelated technologies in web development. JavaScript is executed in both the environment, node.js, and browser but for different use cases. Since JavaScript is the common Programming language in both, it is a huge advantage for developers to code bo 6 min read NodeJS REPL (READ, EVAL, PRINT, LOOP)NodeJS REPL (Read-Eval-Print Loop) is an interactive shell that allows you to execute JavaScript code line-by-line and see immediate results. This tool is extremely useful for quick testing, debugging, and learning, providing a sandbox where you can experiment with JavaScript code in a NodeJS enviro 5 min read Explain V8 engine in Node.jsThe V8 engine is one of the core components of Node.js, and understanding its role and how it works can significantly improve your understanding of how Node.js executes JavaScript code. In this article, we will discuss the V8 engine’s importance and its working in the context of Node.js.What is a V8 7 min read Node.js Web Application ArchitectureNode.js is a JavaScript-based platform mainly used to create I/O-intensive web applications such as chat apps, multimedia streaming sites, etc. It is built on Google Chrome’s V8 JavaScript engine. Web ApplicationsA web application is software that runs on a server and is rendered by a client browser 3 min read NodeJS Event LoopThe event loop in Node.js is a mechanism that allows asynchronous tasks to be handled efficiently without blocking the execution of other operations. It:Executes JavaScript synchronously first and then processes asynchronous operations.Delegates heavy tasks like I/O operations, timers, and network r 5 min read Node.js Modules , Buffer & StreamsNodeJS ModulesIn NodeJS, modules play an important role in organizing, structuring, and reusing code efficiently. A module is a self-contained block of code that can be exported and imported into different parts of an application. This modular approach helps developers manage large projects, making them more scal 6 min read What are Buffers in Node.js ?Buffers are an essential concept in Node.js, especially when working with binary data streams such as files, network protocols, or image processing. Unlike JavaScript, which is typically used to handle text-based data, Node.js provides buffers to manage raw binary data. This article delves into what 4 min read Node.js StreamsNode.js streams are a key part of handling I/O operations efficiently. They provide a way to read or write data continuously, allowing for efficient data processing, manipulation, and transfer.\Node.js StreamsThe stream module in Node.js provides an abstraction for working with streaming data. Strea 4 min read Node.js Asynchronous ProgrammingAsync Await in Node.jsAsync and await in Node are the modern way of handling asynchronous operations more efficiently. These are powerful keywords that replaces the traditional callback and Promise chaining approaches.Handling Asynchronous Operations Before Async AwaitCallbacksBefore Node version 7.6, the callbacks were 3 min read Promises in NodeJSPromises are a fundamental concept in asynchronous programming in JavaScript, especially in NodeJS, where non-blocking I/O operations are key to performance. Promises allow us to handle asynchronous operations more efficiently than traditional callback functions, leading to cleaner, more readable co 8 min read How to Handle Errors in Node.js ?Node.js is a JavaScript extension used for server-side scripting. Error handling is a mandatory step in application development. A Node.js developer may work with both synchronous and asynchronous functions simultaneously. Handling errors in asynchronous functions is important because their behavior 4 min read Exception Handling in Node.jsException handling refers to the mechanism by which the exceptions occurring in a code while an application is running is handled. Node.js supports several mechanisms for propagating and handling errors. There are different methods that can be used for exception handling in Node.js: Exception handl 3 min read Node.js NPMNodeJS NPMNPM (Node Package Manager) is a package manager for NodeJS modules. It helps developers manage project dependencies, scripts, and third-party libraries. By installing NodeJS on your system, NPM is automatically installed, and ready to use.It is primarily used to manage packages or modules—these are 6 min read Steps to Create and Publish NPM packagesIn this article, we will learn how to develop and publish your own npm package (also called an NPM module). There are many benefits of NPM packages, some of them are listed below: Reusable codeManaging code (using versioning)Sharing code The life-cycle of an npm package takes place like below: Modu 7 min read Introduction to NPM scriptsNPM is a Node Package Manager. It is the world's largest Software Registry. This registry contains over 800,000 code packages. Many Open-source developers use npm to share software. Many organizations also use npm to manage private development. "npm scripts" are the entries in the scripts field of t 2 min read Node.js package.jsonThe package.json file is the heart of Node.js system. It is the manifest file of any Node.js project and contains the metadata of the project. The package.json file is the essential part to understand, learn and work with the Node.js. It is the first step to learn about development in Node.js.What d 4 min read What is package-lock.json ?package-lock.json is a file that is generated when we try to install the node. It is generated by the Node Package Manager(npm). package-lock.json will ensure that the same versions of packages are installed. It contains the name, dependencies, and locked version of the project. It will check that s 3 min read Node.js Deployments & CommunicationNode DebuggingDebugging is an essential part of software development that helps developers identify and fix errors. This ensures that the application runs smoothly without causing errors. NodeJS is the JavaScript runtime environment that provides various debugging tools for troubleshooting the application.What is 3 min read How to Perform Testing in Node.js ?Testing is a method to check whether the functionality of an application is the same as expected or not. It helps to ensure that the output is the same as the required output. How Testing can be done in Node.js? There are various methods by which tasting can be done in Node.js, but one of the simple 2 min read Unit Testing of Node.js ApplicationNode.js is a widely used javascript library based on Chrome's V8 JavaScript engine for developing server-side applications in web development. Unit Testing is a software testing method where individual units/components are tested in isolation. A unit can be described as the smallest testable part of 5 min read NODE_ENV Variables and How to Use Them ?Introduction: NODE_ENV variables are environment variables that are made popularized by the express framework. The value of this type of variable can be set dynamically depending on the environment(i.e., development/production) the program is running on. The NODE_ENV works like a flag which indicate 2 min read Difference Between Development and Production in Node.jsIn this article, we will explore the key differences between development and production environments in Node.js. Understanding these differences is crucial for deploying and managing Node.js applications effectively. IntroductionNode.js applications can behave differently depending on whether they a 3 min read Best Security Practices in Node.jsThe security of an application is extremely important when we build a highly scalable and big project. So in this article, we are going to discuss some of the best practices that we need to follow in Node.js projects so that there are no security issues at a later point of time. In this article, we 4 min read Deploying Node.js ApplicationsDeploying a NodeJS application can be a smooth process with the right tools and strategies. This article will guide you through the basics of deploying NodeJS applications.To show how to deploy a NodeJS app, we are first going to create a sample application for a better understanding of the process. 5 min read How to Build a Microservices Architecture with NodeJSMicroservices architecture allows us to break down complex applications into smaller, independently deployable services. Node.js, with its non-blocking I/O and event-driven nature, is an excellent choice for building microservices. How to Build a Microservices Architecture with NodeJS?Microservices 3 min read Node.js with WebAssemblyWebAssembly, often abbreviated as Wasm, is a cutting-edge technology that offers a high-performance assembly-like language capable of being compiled from various programming languages such as C/C++, Rust, and AssemblyScript. This technology is widely supported by major browsers including Chrome, Fir 3 min read Resources & ToolsNode.js Web ServerA NodeJS web server is a server built using NodeJS to handle HTTP requests and responses. Unlike traditional web servers like Apache or Nginx, which are primarily designed to give static content, NodeJS web servers can handle both static and dynamic content while supporting real-time communication. 6 min read Node Exercises, Practice Questions and SolutionsNode Exercise: Explore interactive quizzes, track progress, and enhance coding skills with our engaging portal. Ideal for beginners and experienced developers, Level up your Node proficiency at your own pace. Start coding now! #content-iframe { width: 100%; height: 500px;} @media (max-width: 768px) 4 min read Node.js ProjectsNode.js is one of the most popular JavaScript runtime environments widely used in the software industry for projects in different domains like web applications, real-time chat applications, RESTful APIs, microservices, and more due to its high performance, scalability, non-blocking I/O, and many oth 9 min read NodeJS Interview Questions and AnswersNodeJS is one of the most popular runtime environments, known for its efficiency, scalability, and ability to handle asynchronous operations. It is built on Chrome’s V8 JavaScript engine for executing JavaScript code outside of a browser. It is extensively used by top companies such as LinkedIn, Net 15+ min read Like