UNPKG

hono

Version:

Web framework built on Web Standards

hono.dev

honojs/hono

50 lines (49 loc) 1.38 kB
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
/** * @module * CSRF Protection Middleware for Hono. */ import type { Context } from '../../context'; import type { MiddlewareHandler } from '../../types'; type IsAllowedOriginHandler = (origin: string, context: Context) => boolean; interface CSRFOptions { origin?: string | string[] | IsAllowedOriginHandler; } /** * CSRF Protection Middleware for Hono. * * @see {@link https://hono.dev/docs/middleware/builtin/csrf} * * @param {CSRFOptions} [options] - The options for the CSRF protection middleware. * @param {string|string[]|(origin: string, context: Context) => boolean} [options.origin] - Specify origins. * @returns {MiddlewareHandler} The middleware handler function. * * @example * ```ts * const app = new Hono() * * app.use(csrf()) * * // Specifying origins with using `origin` option * // string * app.use(csrf({ origin: 'myapp.example.com' })) * * // string[] * app.use( * csrf({ * origin: ['myapp.example.com', 'development.myapp.example.com'], * }) * ) * * // Function * // It is strongly recommended that the protocol be verified to ensure a match to `$`. * // You should *never* do a forward match. * app.use( * '*', * csrf({ * origin: (origin) => /https:\/\/(\w+\.)?myapp\.example\.com$/.test(origin), * }) * ) * ``` */ export declare const csrf: (options?: CSRFOptions) => MiddlewareHandler; export {};