Prevent Cross-Site Request Forgery in Express Apps with csurf
Cross-site request forgery (CSRF) is an attack in which attackers send requests to our back end from unauthorized domains in order to perform malicious actions.
To prevent this, we need to issue a CSRF token to authorized users and check that incoming requests carry that token.
In this article, we’ll look at how to do this with the csurf middleware.
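What issuing and checking a token involves, shown without any library: this is an added example, not code from the article or from csurf. The names `issueToken`, `verifyToken`, `checkRequest`, the `sessionId` field, the `csrf-token` header and `_csrf` body field, and the sample requests are assumptions made for illustration.

```javascript
const crypto = require('node:crypto');

// Per-process signing key (assumption: a real app would persist and rotate it).
const SECRET = crypto.randomBytes(32);

// HMAC over "sessionId:nonce" binds the token to one session.
function sign(sessionId, nonce) {
  return crypto.createHmac('sha256', SECRET).update(`${sessionId}:${nonce}`).digest();
}

// Token handed to the authorized user, e.g. embedded in a form served to them.
function issueToken(sessionId) {
  const nonce = crypto.randomBytes(16).toString('hex');
  return `${nonce}.${sign(sessionId, nonce).toString('hex')}`;
}

// Recompute the HMAC for this session and compare in constant time.
function verifyToken(sessionId, token) {
  if (typeof token !== 'string') return false;
  const [nonce, mac] = token.split('.');
  if (!nonce || !mac) return false;
  const expected = sign(sessionId, nonce);
  const given = Buffer.from(mac, 'hex');
  return given.length === expected.length && crypto.timingSafeEqual(given, expected);
}

const SAFE_METHODS = new Set(['GET', 'HEAD', 'OPTIONS']);

// Returns the HTTP status: state-changing methods are rejected without a valid token.
function checkRequest(req) {
  if (SAFE_METHODS.has(req.method)) return 200;
  const token = req.headers?.['csrf-token'] ?? req.body?._csrf;
  return verifyToken(req.sessionId, token) ? 200 : 403;
}

// Constructed sample requests: a POST with no token, a POST carrying the
// token issued to its own session, and a POST reusing that token from another session.
function demo() {
  const token = issueToken('sess-alice');
  return [
    checkRequest({ method: 'POST', sessionId: 'sess-alice', headers: {}, body: { amount: 100 } }),
    checkRequest({ method: 'POST', sessionId: 'sess-alice', headers: {}, body: { amount: 100, _csrf: token } }),
    checkRequest({ method: 'POST', sessionId: 'sess-bob', headers: { 'csrf-token': token }, body: {} }),
  ];
}

console.log(demo());
```

A request from another site can make the browser attach the session cookie, but it cannot read the token served to the user, so it fails the check.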