next-csrf
Version:
CSRF mitigation library for Next.js
130 lines (120 loc) • 14.1 kB
JavaScript
module.exports =
/******/ (function(modules) { // webpackBootstrap
/******/ // The module cache
/******/ var installedModules = require('../ssr-module-cache.js');
/******/
/******/ // The require function
/******/ function __webpack_require__(moduleId) {
/******/
/******/ // Check if module is in cache
/******/ if(installedModules[moduleId]) {
/******/ return installedModules[moduleId].exports;
/******/ }
/******/ // Create a new module (and put it into the cache)
/******/ var module = installedModules[moduleId] = {
/******/ i: moduleId,
/******/ l: false,
/******/ exports: {}
/******/ };
/******/
/******/ // Execute the module function
/******/ var threw = true;
/******/ try {
/******/ modules[moduleId].call(module.exports, module, module.exports, __webpack_require__);
/******/ threw = false;
/******/ } finally {
/******/ if(threw) delete installedModules[moduleId];
/******/ }
/******/
/******/ // Flag the module as loaded
/******/ module.l = true;
/******/
/******/ // Return the exports of the module
/******/ return module.exports;
/******/ }
/******/
/******/
/******/ // expose the modules object (__webpack_modules__)
/******/ __webpack_require__.m = modules;
/******/
/******/ // expose the module cache
/******/ __webpack_require__.c = installedModules;
/******/
/******/ // define getter function for harmony exports
/******/ __webpack_require__.d = function(exports, name, getter) {
/******/ if(!__webpack_require__.o(exports, name)) {
/******/ Object.defineProperty(exports, name, { enumerable: true, get: getter });
/******/ }
/******/ };
/******/
/******/ // define __esModule on exports
/******/ __webpack_require__.r = function(exports) {
/******/ if(typeof Symbol !== 'undefined' && Symbol.toStringTag) {
/******/ Object.defineProperty(exports, Symbol.toStringTag, { value: 'Module' });
/******/ }
/******/ Object.defineProperty(exports, '__esModule', { value: true });
/******/ };
/******/
/******/ // create a fake namespace object
/******/ // mode & 1: value is a module id, require it
/******/ // mode & 2: merge all properties of value into the ns
/******/ // mode & 4: return value when already ns object
/******/ // mode & 8|1: behave like require
/******/ __webpack_require__.t = function(value, mode) {
/******/ if(mode & 1) value = __webpack_require__(value);
/******/ if(mode & 8) return value;
/******/ if((mode & 4) && typeof value === 'object' && value && value.__esModule) return value;
/******/ var ns = Object.create(null);
/******/ __webpack_require__.r(ns);
/******/ Object.defineProperty(ns, 'default', { enumerable: true, value: value });
/******/ if(mode & 2 && typeof value != 'string') for(var key in value) __webpack_require__.d(ns, key, function(key) { return value[key]; }.bind(null, key));
/******/ return ns;
/******/ };
/******/
/******/ // getDefaultExport function for compatibility with non-harmony modules
/******/ __webpack_require__.n = function(module) {
/******/ var getter = module && module.__esModule ?
/******/ function getDefault() { return module['default']; } :
/******/ function getModuleExports() { return module; };
/******/ __webpack_require__.d(getter, 'a', getter);
/******/ return getter;
/******/ };
/******/
/******/ // Object.prototype.hasOwnProperty.call
/******/ __webpack_require__.o = function(object, property) { return Object.prototype.hasOwnProperty.call(object, property); };
/******/
/******/ // __webpack_public_path__
/******/ __webpack_require__.p = "";
/******/
/******/
/******/ // Load entry module and return exports
/******/ return __webpack_require__(__webpack_require__.s = "./pages/index.js");
/******/ })
/************************************************************************/
/******/ ({
/***/ "./pages/index.js":
/*!************************!*\
!*** ./pages/index.js ***!
\************************/
/*! exports provided: default */
/***/ (function(module, __webpack_exports__, __webpack_require__) {
"use strict";
eval("__webpack_require__.r(__webpack_exports__);\n/* harmony export (binding) */ __webpack_require__.d(__webpack_exports__, \"default\", function() { return Home; });\n/* harmony import */ var react__WEBPACK_IMPORTED_MODULE_0__ = __webpack_require__(/*! react */ \"react\");\n/* harmony import */ var react__WEBPACK_IMPORTED_MODULE_0___default = /*#__PURE__*/__webpack_require__.n(react__WEBPACK_IMPORTED_MODULE_0__);\n/* harmony import */ var _styles_Home_module_css__WEBPACK_IMPORTED_MODULE_1__ = __webpack_require__(/*! ../styles/Home.module.css */ \"./styles/Home.module.css\");\n/* harmony import */ var _styles_Home_module_css__WEBPACK_IMPORTED_MODULE_1___default = /*#__PURE__*/__webpack_require__.n(_styles_Home_module_css__WEBPACK_IMPORTED_MODULE_1__);\nvar _jsxFileName = \"/home/jolvera/proj/next-csrf/example/pages/index.js\";\n\nvar __jsx = react__WEBPACK_IMPORTED_MODULE_0___default.a.createElement;\n\nfunction Home() {\n return __jsx(react__WEBPACK_IMPORTED_MODULE_0___default.a.Fragment, null, __jsx(\"p\", {\n className: _styles_Home_module_css__WEBPACK_IMPORTED_MODULE_1___default.a.description,\n __self: this,\n __source: {\n fileName: _jsxFileName,\n lineNumber: 6,\n columnNumber: 7\n }\n }, \"Get started by editing\", \" \", __jsx(\"code\", {\n className: _styles_Home_module_css__WEBPACK_IMPORTED_MODULE_1___default.a.code,\n __self: this,\n __source: {\n fileName: _jsxFileName,\n lineNumber: 8,\n columnNumber: 9\n }\n }, \"pages/index.js\")), __jsx(\"div\", {\n __self: this,\n __source: {\n fileName: _jsxFileName,\n lineNumber: 11,\n columnNumber: 7\n }\n }, __jsx(\"div\", {\n className: _styles_Home_module_css__WEBPACK_IMPORTED_MODULE_1___default.a.card,\n __self: this,\n __source: {\n fileName: _jsxFileName,\n lineNumber: 12,\n columnNumber: 9\n }\n }, __jsx(\"h3\", {\n __self: this,\n __source: {\n fileName: _jsxFileName,\n lineNumber: 13,\n columnNumber: 11\n }\n }, \"Send a request with a valid CSRF token\"), __jsx(\"p\", {\n __self: this,\n __source: {\n fileName: _jsxFileName,\n lineNumber: 15,\n columnNumber: 11\n }\n }, \"Open the Web Console and click in the button below to see how a valid request works.\")), __jsx(\"div\", {\n className: _styles_Home_module_css__WEBPACK_IMPORTED_MODULE_1___default.a.card,\n __self: this,\n __source: {\n fileName: _jsxFileName,\n lineNumber: 29,\n columnNumber: 9\n }\n }, __jsx(\"h3\", {\n __self: this,\n __source: {\n fileName: _jsxFileName,\n lineNumber: 30,\n columnNumber: 11\n }\n }, \"Send a request without the CSRF token\"), __jsx(\"p\", {\n __self: this,\n __source: {\n fileName: _jsxFileName,\n lineNumber: 32,\n columnNumber: 11\n }\n }, \"Because any request we send from the browser will have a cookie with the token attached, try to send a request from a terminal and see what happens with a missing or an invalid CSRF token.\"), __jsx(\"pre\", {\n __self: this,\n __source: {\n fileName: _jsxFileName,\n lineNumber: 38,\n columnNumber: 11\n }\n }, __jsx(\"code\", {\n className: _styles_Home_module_css__WEBPACK_IMPORTED_MODULE_1___default.a.code,\n __self: this,\n __source: {\n fileName: _jsxFileName,\n lineNumber: 39,\n columnNumber: 13\n }\n }, \"$ curl -X POST http://localhost:3000/api/protected\")), __jsx(\"pre\", {\n __self: this,\n __source: {\n fileName: _jsxFileName,\n lineNumber: 44,\n columnNumber: 11\n }\n }, __jsx(\"code\", {\n className: _styles_Home_module_css__WEBPACK_IMPORTED_MODULE_1___default.a.code,\n __self: this,\n __source: {\n fileName: _jsxFileName,\n lineNumber: 45,\n columnNumber: 13\n }\n }, `>> {\"message\": \"Invalid CSRF token\"}`)))));\n}//# sourceURL=[module]\n//# sourceMappingURL=data:application/json;charset=utf-8;base64,eyJ2ZXJzaW9uIjozLCJzb3VyY2VzIjpbIndlYnBhY2s6Ly8vLi9wYWdlcy9pbmRleC5qcz80NGQ4Il0sIm5hbWVzIjpbIkhvbWUiLCJzdHlsZXMiLCJkZXNjcmlwdGlvbiIsImNvZGUiLCJjYXJkIl0sIm1hcHBpbmdzIjoiOzs7Ozs7Ozs7QUFBQTtBQUVlLFNBQVNBLElBQVQsR0FBZ0I7QUFDN0IsU0FDRSxtRUFDRTtBQUFHLGFBQVMsRUFBRUMsOERBQU0sQ0FBQ0MsV0FBckI7QUFBQTtBQUFBO0FBQUE7QUFBQTtBQUFBO0FBQUE7QUFBQSwrQkFDeUIsR0FEekIsRUFFRTtBQUFNLGFBQVMsRUFBRUQsOERBQU0sQ0FBQ0UsSUFBeEI7QUFBQTtBQUFBO0FBQUE7QUFBQTtBQUFBO0FBQUE7QUFBQSxzQkFGRixDQURGLEVBTUU7QUFBQTtBQUFBO0FBQUE7QUFBQTtBQUFBO0FBQUE7QUFBQSxLQUNFO0FBQUssYUFBUyxFQUFFRiw4REFBTSxDQUFDRyxJQUF2QjtBQUFBO0FBQUE7QUFBQTtBQUFBO0FBQUE7QUFBQTtBQUFBLEtBQ0U7QUFBQTtBQUFBO0FBQUE7QUFBQTtBQUFBO0FBQUE7QUFBQSw4Q0FERixFQUdFO0FBQUE7QUFBQTtBQUFBO0FBQUE7QUFBQTtBQUFBO0FBQUEsNEZBSEYsQ0FERixFQWtCRTtBQUFLLGFBQVMsRUFBRUgsOERBQU0sQ0FBQ0csSUFBdkI7QUFBQTtBQUFBO0FBQUE7QUFBQTtBQUFBO0FBQUE7QUFBQSxLQUNFO0FBQUE7QUFBQTtBQUFBO0FBQUE7QUFBQTtBQUFBO0FBQUEsNkNBREYsRUFHRTtBQUFBO0FBQUE7QUFBQTtBQUFBO0FBQUE7QUFBQTtBQUFBLG9NQUhGLEVBU0U7QUFBQTtBQUFBO0FBQUE7QUFBQTtBQUFBO0FBQUE7QUFBQSxLQUNFO0FBQU0sYUFBUyxFQUFFSCw4REFBTSxDQUFDRSxJQUF4QjtBQUFBO0FBQUE7QUFBQTtBQUFBO0FBQUE7QUFBQTtBQUFBLDBEQURGLENBVEYsRUFlRTtBQUFBO0FBQUE7QUFBQTtBQUFBO0FBQUE7QUFBQTtBQUFBLEtBQ0U7QUFBTSxhQUFTLEVBQUVGLDhEQUFNLENBQUNFLElBQXhCO0FBQUE7QUFBQTtBQUFBO0FBQUE7QUFBQTtBQUFBO0FBQUEsS0FDSSxzQ0FESixDQURGLENBZkYsQ0FsQkYsQ0FORixDQURGO0FBaUREIiwiZmlsZSI6Ii4vcGFnZXMvaW5kZXguanMuanMiLCJzb3VyY2VzQ29udGVudCI6WyJpbXBvcnQgc3R5bGVzIGZyb20gXCIuLi9zdHlsZXMvSG9tZS5tb2R1bGUuY3NzXCI7XG5cbmV4cG9ydCBkZWZhdWx0IGZ1bmN0aW9uIEhvbWUoKSB7XG4gIHJldHVybiAoXG4gICAgPD5cbiAgICAgIDxwIGNsYXNzTmFtZT17c3R5bGVzLmRlc2NyaXB0aW9ufT5cbiAgICAgICAgR2V0IHN0YXJ0ZWQgYnkgZWRpdGluZ3tcIiBcIn1cbiAgICAgICAgPGNvZGUgY2xhc3NOYW1lPXtzdHlsZXMuY29kZX0+cGFnZXMvaW5kZXguanM8L2NvZGU+XG4gICAgICA8L3A+XG5cbiAgICAgIDxkaXY+XG4gICAgICAgIDxkaXYgY2xhc3NOYW1lPXtzdHlsZXMuY2FyZH0+XG4gICAgICAgICAgPGgzPlNlbmQgYSByZXF1ZXN0IHdpdGggYSB2YWxpZCBDU1JGIHRva2VuPC9oMz5cblxuICAgICAgICAgIDxwPlxuICAgICAgICAgICAgT3BlbiB0aGUgV2ViIENvbnNvbGUgYW5kIGNsaWNrIGluIHRoZSBidXR0b24gYmVsb3cgdG8gc2VlIGhvdyBhXG4gICAgICAgICAgICB2YWxpZCByZXF1ZXN0IHdvcmtzLlxuICAgICAgICAgIDwvcD5cblxuICAgICAgICAgIHsvKjxidXR0b24qL31cbiAgICAgICAgICB7LyogIGlkPVwid2l0aC1jc3JmXCIqL31cbiAgICAgICAgICB7LyogIGNsYXNzTmFtZT17c3R5bGVzLmJ1dHRvbn0qL31cbiAgICAgICAgICB7LyogIG9uQ2xpY2s9e3JlcXVlc3RXaXRoVG9rZW59Ki99XG4gICAgICAgICAgey8qPiovfVxuICAgICAgICAgIHsvKiAgV2l0aCBDU1JGIHRva2VuKi99XG4gICAgICAgICAgey8qPC9idXR0b24+Ki99XG4gICAgICAgIDwvZGl2PlxuXG4gICAgICAgIDxkaXYgY2xhc3NOYW1lPXtzdHlsZXMuY2FyZH0+XG4gICAgICAgICAgPGgzPlNlbmQgYSByZXF1ZXN0IHdpdGhvdXQgdGhlIENTUkYgdG9rZW48L2gzPlxuXG4gICAgICAgICAgPHA+XG4gICAgICAgICAgICBCZWNhdXNlIGFueSByZXF1ZXN0IHdlIHNlbmQgZnJvbSB0aGUgYnJvd3NlciB3aWxsIGhhdmUgYSBjb29raWUgd2l0aFxuICAgICAgICAgICAgdGhlIHRva2VuIGF0dGFjaGVkLCB0cnkgdG8gc2VuZCBhIHJlcXVlc3QgZnJvbSBhIHRlcm1pbmFsIGFuZCBzZWVcbiAgICAgICAgICAgIHdoYXQgaGFwcGVucyB3aXRoIGEgbWlzc2luZyBvciBhbiBpbnZhbGlkIENTUkYgdG9rZW4uXG4gICAgICAgICAgPC9wPlxuXG4gICAgICAgICAgPHByZT5cbiAgICAgICAgICAgIDxjb2RlIGNsYXNzTmFtZT17c3R5bGVzLmNvZGV9PlxuICAgICAgICAgICAgICAkIGN1cmwgLVggUE9TVCBodHRwOi8vbG9jYWxob3N0OjMwMDAvYXBpL3Byb3RlY3RlZFxuICAgICAgICAgICAgPC9jb2RlPlxuICAgICAgICAgIDwvcHJlPlxuXG4gICAgICAgICAgPHByZT5cbiAgICAgICAgICAgIDxjb2RlIGNsYXNzTmFtZT17c3R5bGVzLmNvZGV9PlxuICAgICAgICAgICAgICB7YD4+IHtcIm1lc3NhZ2VcIjogXCJJbnZhbGlkIENTUkYgdG9rZW5cIn1gfVxuICAgICAgICAgICAgPC9jb2RlPlxuICAgICAgICAgIDwvcHJlPlxuICAgICAgICA8L2Rpdj5cbiAgICAgIDwvZGl2PlxuICAgIDwvPlxuICApO1xufVxuIl0sInNvdXJjZVJvb3QiOiIifQ==\n//# sourceURL=webpack-internal:///./pages/index.js\n");
/***/ }),
/***/ "./styles/Home.module.css":
/*!********************************!*\
!*** ./styles/Home.module.css ***!
\********************************/
/*! no static exports found */
/***/ (function(module, exports) {
eval("// Exports\nmodule.exports = {\n\t\"container\": \"Home_container__1EcsU\",\n\t\"form\": \"Home_form__1fOyp\",\n\t\"info\": \"Home_info__337F2\",\n\t\"nav\": \"Home_nav__1c1C3\",\n\t\"main\": \"Home_main__1x8gC\",\n\t\"footer\": \"Home_footer__1WdhD\",\n\t\"title\": \"Home_title__3DjR7\",\n\t\"description\": \"Home_description__17Z4F\",\n\t\"code\": \"Home_code__axx2Y\",\n\t\"grid\": \"Home_grid__2Ei2F\",\n\t\"button\": \"Home_button__Xc9mA\",\n\t\"card\": \"Home_card__2SdtB\",\n\t\"logo\": \"Home_logo__1YbrH\"\n};\n//# sourceURL=[module]\n//# sourceMappingURL=data:application/json;charset=utf-8;base64,eyJ2ZXJzaW9uIjozLCJzb3VyY2VzIjpbIndlYnBhY2s6Ly8vLi9zdHlsZXMvSG9tZS5tb2R1bGUuY3NzPzRmYmEiXSwibmFtZXMiOltdLCJtYXBwaW5ncyI6IkFBQUE7QUFDQTtBQUNBO0FBQ0E7QUFDQTtBQUNBO0FBQ0E7QUFDQTtBQUNBO0FBQ0E7QUFDQTtBQUNBO0FBQ0E7QUFDQTtBQUNBO0FBQ0EiLCJmaWxlIjoiLi9zdHlsZXMvSG9tZS5tb2R1bGUuY3NzLmpzIiwic291cmNlc0NvbnRlbnQiOlsiLy8gRXhwb3J0c1xubW9kdWxlLmV4cG9ydHMgPSB7XG5cdFwiY29udGFpbmVyXCI6IFwiSG9tZV9jb250YWluZXJfXzFFY3NVXCIsXG5cdFwiZm9ybVwiOiBcIkhvbWVfZm9ybV9fMWZPeXBcIixcblx0XCJpbmZvXCI6IFwiSG9tZV9pbmZvX18zMzdGMlwiLFxuXHRcIm5hdlwiOiBcIkhvbWVfbmF2X18xYzFDM1wiLFxuXHRcIm1haW5cIjogXCJIb21lX21haW5fXzF4OGdDXCIsXG5cdFwiZm9vdGVyXCI6IFwiSG9tZV9mb290ZXJfXzFXZGhEXCIsXG5cdFwidGl0bGVcIjogXCJIb21lX3RpdGxlX18zRGpSN1wiLFxuXHRcImRlc2NyaXB0aW9uXCI6IFwiSG9tZV9kZXNjcmlwdGlvbl9fMTdaNEZcIixcblx0XCJjb2RlXCI6IFwiSG9tZV9jb2RlX19heHgyWVwiLFxuXHRcImdyaWRcIjogXCJIb21lX2dyaWRfXzJFaTJGXCIsXG5cdFwiYnV0dG9uXCI6IFwiSG9tZV9idXR0b25fX1hjOW1BXCIsXG5cdFwiY2FyZFwiOiBcIkhvbWVfY2FyZF9fMlNkdEJcIixcblx0XCJsb2dvXCI6IFwiSG9tZV9sb2dvX18xWWJySFwiXG59O1xuIl0sInNvdXJjZVJvb3QiOiIifQ==\n//# sourceURL=webpack-internal:///./styles/Home.module.css\n");
/***/ }),
/***/ "react":
/*!************************!*\
!*** external "react" ***!
\************************/
/*! no static exports found */
/***/ (function(module, exports) {
eval("module.exports = require(\"react\");//# sourceURL=[module]\n//# sourceMappingURL=data:application/json;charset=utf-8;base64,eyJ2ZXJzaW9uIjozLCJzb3VyY2VzIjpbIndlYnBhY2s6Ly8vZXh0ZXJuYWwgXCJyZWFjdFwiPzU4OGUiXSwibmFtZXMiOltdLCJtYXBwaW5ncyI6IkFBQUEiLCJmaWxlIjoicmVhY3QuanMiLCJzb3VyY2VzQ29udGVudCI6WyJtb2R1bGUuZXhwb3J0cyA9IHJlcXVpcmUoXCJyZWFjdFwiKTsiXSwic291cmNlUm9vdCI6IiJ9\n//# sourceURL=webpack-internal:///react\n");
/***/ })
/******/ });