Posts about Sails.js 0.10
- How to build a CRUD API with Sails.js in seconds
- How to add Bootstrap to our Sails.js projects
- How to Cross-Site Request Forgery Protection (CSRF) on Sails.js
The Sails config file csrf.js explains very well what CSRF protection means and what we achieve by enabling it on our project:
When enabled, all non-GET requests to the Sails server must be accompanied by a special token, identified as the '_csrf' parameter.
This option protects your Sails app against cross-site request forgery (or CSRF) attacks.
A would-be attacker needs not only a user's session cookie, but also this timestamped, secret CSRF token, which is refreshed/granted when the user visits a URL on your app's domain.
To activate it we just have to change the value on
And to use it we just have to send the token with every non-GET request we make to our server, for example by adding this hidden field to every POST form:
<form action="/user/create" method="POST" class="form-signin">
  ...
  <input type="hidden" name="_csrf" value="<%= _csrf %>" />
</form>
If you need more info about how to use Cross-Site Request Forgery Protection, just check the csrf.js file; the Sails team also explain there how to use it in our AJAX requests.