naupaw/nextjs-csrf

Nextjs CSRF POC (Proof of Concept)

Demo

According to Wikipedia:

Cross-site request forgery, also known as one-click attack or session riding and abbreviated as CSRF (sometimes pronounced sea-surf) or XSRF, is a type of malicious exploit of a website where unauthorized commands are transmitted from a user that the web application trusts.

Just a bare-minimum implementation of CSRF tokens with Next.js.

Module I used

There are some rules in this case:

  • CSRF secret stored in the _csrf cookie.
  • CSRF token stored in the x-xsrf-token cookie, later to be used for XHR/API calls.
    • In this case I will use axios for calling the API, since the module has a built-in action that carries x-xsrf-token automatically.
  • Restriction only applied on the /api/* path.
  • CSRF token also available in req.token if you decide to put the token into pageProps using getServerSideProps.
