CSRF Protection
Cross-site request forgery (CSRF or XSRF) is a type of attack in which unauthorized commands are sent to a web application from a user that the application trusts. To prevent it, you can use the csrf-csrf package.
Use with Express (default)
Start by installing the required package:
$ npm i csrf-csrf
As noted in the csrf-csrf documentation, this middleware requires session middleware or cookie-parser to be initialized first. See the documentation for details.
Once the installation is complete, register the csrf-csrf middleware as global middleware.
import { doubleCsrf } from 'csrf-csrf';
// ...
// somewhere in your initialization file
// doubleCsrfOptions is your configuration object; see the csrf-csrf documentation for its fields.
const {
  invalidCsrfTokenError, // This is provided purely for convenience if you plan on creating your own middleware.
  generateToken, // Use this in your routes to generate and provide a CSRF hash, along with a token cookie and token.
  validateRequest, // Also a convenience if you plan on making your own middleware.
  doubleCsrfProtection, // This is the default CSRF protection middleware.
} = doubleCsrf(doubleCsrfOptions);
app.use(doubleCsrfProtection);
Use with Fastify
Start by installing the required package:
$ npm i --save @fastify/csrf-protection
Once the installation is complete, register the @fastify/csrf-protection plugin as follows:
import fastifyCsrf from '@fastify/csrf-protection';
// ...
// somewhere in your initialization file after registering some storage plugin
await app.register(fastifyCsrf);
As explained in the @fastify/csrf-protection documentation, this plugin requires a storage plugin to be initialized first. Please see that documentation for further instructions.
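For the Express setup above, a sketch of the signed double-submit cookie check that a middleware of this kind performs on each state-changing request. It is an added example, not code from csrf-csrf or from the original page; the names `SECRET`, `sign`, `issueCsrf`, `validateCsrf` and the `token|mac` cookie layout are assumptions made for illustration.

```javascript
// Added illustration of the signed double-submit cookie pattern; not csrf-csrf's source.
const crypto = require('node:crypto');

// Assumption: a single server-side secret; in production load it from configuration.
const SECRET = crypto.randomBytes(32);

function sign(sessionId, token) {
  // Binding the HMAC to the session id stops a token minted for one session
  // from validating in another. The length prefix keeps the fields unambiguous.
  return crypto.createHmac('sha256', SECRET)
    .update(`${sessionId.length}!${sessionId}!${token}`)
    .digest('hex');
}

// Issue: returns the cookie value and the token the page must echo back.
function issueCsrf(sessionId) {
  const token = crypto.randomBytes(32).toString('hex');
  return { token, cookie: `${token}|${sign(sessionId, token)}` };
}

// Validate: the token must arrive twice, once in the cookie (sent by the browser
// automatically) and once in a header or body field that a cross-site page
// cannot fill in, because it cannot read the cookie.
function validateCsrf(sessionId, cookie, submittedToken) {
  if (typeof cookie !== 'string' || typeof submittedToken !== 'string') return false;
  const sep = cookie.indexOf('|');
  if (sep < 0) return false;
  const cookieToken = cookie.slice(0, sep);
  const cookieMac = Buffer.from(cookie.slice(sep + 1), 'utf8');
  const expectedMac = Buffer.from(sign(sessionId, cookieToken), 'utf8');
  const a = Buffer.from(cookieToken, 'utf8');
  const b = Buffer.from(submittedToken, 'utf8');
  // timingSafeEqual throws on length mismatch, so compare lengths first.
  const macOk = cookieMac.length === expectedMac.length &&
    crypto.timingSafeEqual(cookieMac, expectedMac);
  const tokenOk = a.length === b.length && crypto.timingSafeEqual(a, b);
  return macOk && tokenOk;
}
```

The check needs the parsed cookie and a session identifier, which is why the cookie or session middleware has to be registered before the CSRF middleware.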