UNPKG

next-csrf

Version:

CSRF mitigation library for Next.js

130 lines (120 loc) 14.1 kB
module.exports = /******/ (function(modules) { // webpackBootstrap /******/ // The module cache /******/ var installedModules = require('../ssr-module-cache.js'); /******/ /******/ // The require function /******/ function __webpack_require__(moduleId) { /******/ /******/ // Check if module is in cache /******/ if(installedModules[moduleId]) { /******/ return installedModules[moduleId].exports; /******/ } /******/ // Create a new module (and put it into the cache) /******/ var module = installedModules[moduleId] = { /******/ i: moduleId, /******/ l: false, /******/ exports: {} /******/ }; /******/ /******/ // Execute the module function /******/ var threw = true; /******/ try { /******/ modules[moduleId].call(module.exports, module, module.exports, __webpack_require__); /******/ threw = false; /******/ } finally { /******/ if(threw) delete installedModules[moduleId]; /******/ } /******/ /******/ // Flag the module as loaded /******/ module.l = true; /******/ /******/ // Return the exports of the module /******/ return module.exports; /******/ } /******/ /******/ /******/ // expose the modules object (__webpack_modules__) /******/ __webpack_require__.m = modules; /******/ /******/ // expose the module cache /******/ __webpack_require__.c = installedModules; /******/ /******/ // define getter function for harmony exports /******/ __webpack_require__.d = function(exports, name, getter) { /******/ if(!__webpack_require__.o(exports, name)) { /******/ Object.defineProperty(exports, name, { enumerable: true, get: getter }); /******/ } /******/ }; /******/ /******/ // define __esModule on exports /******/ __webpack_require__.r = function(exports) { /******/ if(typeof Symbol !== 'undefined' && Symbol.toStringTag) { /******/ Object.defineProperty(exports, Symbol.toStringTag, { value: 'Module' }); /******/ } /******/ Object.defineProperty(exports, '__esModule', { value: true }); /******/ }; /******/ /******/ // create a fake namespace object /******/ // mode & 1: value is a module id, require it /******/ // mode & 2: merge all properties of value into the ns /******/ // mode & 4: return value when already ns object /******/ // mode & 8|1: behave like require /******/ __webpack_require__.t = function(value, mode) { /******/ if(mode & 1) value = __webpack_require__(value); /******/ if(mode & 8) return value; /******/ if((mode & 4) && typeof value === 'object' && value && value.__esModule) return value; /******/ var ns = Object.create(null); /******/ __webpack_require__.r(ns); /******/ Object.defineProperty(ns, 'default', { enumerable: true, value: value }); /******/ if(mode & 2 && typeof value != 'string') for(var key in value) __webpack_require__.d(ns, key, function(key) { return value[key]; }.bind(null, key)); /******/ return ns; /******/ }; /******/ /******/ // getDefaultExport function for compatibility with non-harmony modules /******/ __webpack_require__.n = function(module) { /******/ var getter = module && module.__esModule ? /******/ function getDefault() { return module['default']; } : /******/ function getModuleExports() { return module; }; /******/ __webpack_require__.d(getter, 'a', getter); /******/ return getter; /******/ }; /******/ /******/ // Object.prototype.hasOwnProperty.call /******/ __webpack_require__.o = function(object, property) { return Object.prototype.hasOwnProperty.call(object, property); }; /******/ /******/ // __webpack_public_path__ /******/ __webpack_require__.p = ""; /******/ /******/ /******/ // Load entry module and return exports /******/ return __webpack_require__(__webpack_require__.s = "./pages/index.js"); /******/ }) /************************************************************************/ /******/ ({ /***/ "./pages/index.js": /*!************************!*\ !*** ./pages/index.js ***! \************************/ /*! exports provided: default */ /***/ (function(module, __webpack_exports__, __webpack_require__) { "use strict"; eval("__webpack_require__.r(__webpack_exports__);\n/* harmony export (binding) */ __webpack_require__.d(__webpack_exports__, \"default\", function() { return Home; });\n/* harmony import */ var react__WEBPACK_IMPORTED_MODULE_0__ = __webpack_require__(/*! react */ \"react\");\n/* harmony import */ var react__WEBPACK_IMPORTED_MODULE_0___default = /*#__PURE__*/__webpack_require__.n(react__WEBPACK_IMPORTED_MODULE_0__);\n/* harmony import */ var _styles_Home_module_css__WEBPACK_IMPORTED_MODULE_1__ = __webpack_require__(/*! ../styles/Home.module.css */ \"./styles/Home.module.css\");\n/* harmony import */ var _styles_Home_module_css__WEBPACK_IMPORTED_MODULE_1___default = /*#__PURE__*/__webpack_require__.n(_styles_Home_module_css__WEBPACK_IMPORTED_MODULE_1__);\nvar _jsxFileName = \"/home/jolvera/proj/next-csrf/example/pages/index.js\";\n\nvar __jsx = react__WEBPACK_IMPORTED_MODULE_0___default.a.createElement;\n\nfunction Home() {\n return __jsx(react__WEBPACK_IMPORTED_MODULE_0___default.a.Fragment, null, __jsx(\"p\", {\n className: _styles_Home_module_css__WEBPACK_IMPORTED_MODULE_1___default.a.description,\n __self: this,\n __source: {\n fileName: _jsxFileName,\n lineNumber: 6,\n columnNumber: 7\n }\n }, \"Get started by editing\", \" \", __jsx(\"code\", {\n className: _styles_Home_module_css__WEBPACK_IMPORTED_MODULE_1___default.a.code,\n __self: this,\n __source: {\n fileName: _jsxFileName,\n lineNumber: 8,\n columnNumber: 9\n }\n }, \"pages/index.js\")), __jsx(\"div\", {\n __self: this,\n __source: {\n fileName: _jsxFileName,\n lineNumber: 11,\n columnNumber: 7\n }\n }, __jsx(\"div\", {\n className: _styles_Home_module_css__WEBPACK_IMPORTED_MODULE_1___default.a.card,\n __self: this,\n __source: {\n fileName: _jsxFileName,\n lineNumber: 12,\n columnNumber: 9\n }\n }, __jsx(\"h3\", {\n __self: this,\n __source: {\n fileName: _jsxFileName,\n lineNumber: 13,\n columnNumber: 11\n }\n }, \"Send a request with a valid CSRF token\"), __jsx(\"p\", {\n __self: this,\n __source: {\n fileName: _jsxFileName,\n lineNumber: 15,\n columnNumber: 11\n }\n }, \"Open the Web Console and click in the button below to see how a valid request works.\")), __jsx(\"div\", {\n className: _styles_Home_module_css__WEBPACK_IMPORTED_MODULE_1___default.a.card,\n __self: this,\n __source: {\n fileName: _jsxFileName,\n lineNumber: 29,\n columnNumber: 9\n }\n }, __jsx(\"h3\", {\n __self: this,\n __source: {\n fileName: _jsxFileName,\n lineNumber: 30,\n columnNumber: 11\n }\n }, \"Send a request without the CSRF token\"), __jsx(\"p\", {\n __self: this,\n __source: {\n fileName: _jsxFileName,\n lineNumber: 32,\n columnNumber: 11\n }\n }, \"Because any request we send from the browser will have a cookie with the token attached, try to send a request from a terminal and see what happens with a missing or an invalid CSRF token.\"), __jsx(\"pre\", {\n __self: this,\n __source: {\n fileName: _jsxFileName,\n lineNumber: 38,\n columnNumber: 11\n }\n }, __jsx(\"code\", {\n className: _styles_Home_module_css__WEBPACK_IMPORTED_MODULE_1___default.a.code,\n __self: this,\n __source: {\n fileName: _jsxFileName,\n lineNumber: 39,\n columnNumber: 13\n }\n }, \"$ curl -X POST http://localhost:3000/api/protected\")), __jsx(\"pre\", {\n __self: this,\n __source: {\n fileName: _jsxFileName,\n lineNumber: 44,\n columnNumber: 11\n }\n }, __jsx(\"code\", {\n className: _styles_Home_module_css__WEBPACK_IMPORTED_MODULE_1___default.a.code,\n __self: this,\n __source: {\n fileName: _jsxFileName,\n lineNumber: 45,\n columnNumber: 13\n }\n }, `>> {\"message\": \"Invalid CSRF token\"}`)))));\n}//# sourceURL=[module]\n//# sourceMappingURL=data:application/json;charset=utf-8;base64,eyJ2ZXJzaW9uIjozLCJzb3VyY2VzIjpbIndlYnBhY2s6Ly8vLi9wYWdlcy9pbmRleC5qcz80NGQ4Il0sIm5hbWVzIjpbIkhvbWUiLCJzdHlsZXMiLCJkZXNjcmlwdGlvbiIsImNvZGUiLCJjYXJkIl0sIm1hcHBpbmdzIjoiOzs7Ozs7Ozs7QUFBQTtBQUVlLFNBQVNBLElBQVQsR0FBZ0I7QUFDN0IsU0FDRSxtRUFDRTtBQUFHLGFBQVMsRUFBRUMsOERBQU0sQ0FBQ0MsV0FBckI7QUFBQTtBQUFBO0FBQUE7QUFBQTtBQUFBO0FBQUE7QUFBQSwrQkFDeUIsR0FEekIsRUFFRTtBQUFNLGFBQVMsRUFBRUQsOERBQU0sQ0FBQ0UsSUFBeEI7QUFBQTtBQUFBO0FBQUE7QUFBQTtBQUFBO0FBQUE7QUFBQSxzQkFGRixDQURGLEVBTUU7QUFBQTtBQUFBO0FBQUE7QUFBQTtBQUFBO0FBQUE7QUFBQSxLQUNFO0FBQUssYUFBUyxFQUFFRiw4REFBTSxDQUFDRyxJQUF2QjtBQUFBO0FBQUE7QUFBQTtBQUFBO0FBQUE7QUFBQTtBQUFBLEtBQ0U7QUFBQTtBQUFBO0FBQUE7QUFBQTtBQUFBO0FBQUE7QUFBQSw4Q0FERixFQUdFO0FBQUE7QUFBQTtBQUFBO0FBQUE7QUFBQTtBQUFBO0FBQUEsNEZBSEYsQ0FERixFQWtCRTtBQUFLLGFBQVMsRUFBRUgsOERBQU0sQ0FBQ0csSUFBdkI7QUFBQTtBQUFBO0FBQUE7QUFBQTtBQUFBO0FBQUE7QUFBQSxLQUNFO0FBQUE7QUFBQTtBQUFBO0FBQUE7QUFBQTtBQUFBO0FBQUEsNkNBREYsRUFHRTtBQUFBO0FBQUE7QUFBQTtBQUFBO0FBQUE7QUFBQTtBQUFBLG9NQUhGLEVBU0U7QUFBQTtBQUFBO0FBQUE7QUFBQTtBQUFBO0FBQUE7QUFBQSxLQUNFO0FBQU0sYUFBUyxFQUFFSCw4REFBTSxDQUFDRSxJQUF4QjtBQUFBO0FBQUE7QUFBQTtBQUFBO0FBQUE7QUFBQTtBQUFBLDBEQURGLENBVEYsRUFlRTtBQUFBO0FBQUE7QUFBQTtBQUFBO0FBQUE7QUFBQTtBQUFBLEtBQ0U7QUFBTSxhQUFTLEVBQUVGLDhEQUFNLENBQUNFLElBQXhCO0FBQUE7QUFBQTtBQUFBO0FBQUE7QUFBQTtBQUFBO0FBQUEsS0FDSSxzQ0FESixDQURGLENBZkYsQ0FsQkYsQ0FORixDQURGO0FBaUREIiwiZmlsZSI6Ii4vcGFnZXMvaW5kZXguanMuanMiLCJzb3VyY2VzQ29udGVudCI6WyJpbXBvcnQgc3R5bGVzIGZyb20gXCIuLi9zdHlsZXMvSG9tZS5tb2R1bGUuY3NzXCI7XG5cbmV4cG9ydCBkZWZhdWx0IGZ1bmN0aW9uIEhvbWUoKSB7XG4gIHJldHVybiAoXG4gICAgPD5cbiAgICAgIDxwIGNsYXNzTmFtZT17c3R5bGVzLmRlc2NyaXB0aW9ufT5cbiAgICAgICAgR2V0IHN0YXJ0ZWQgYnkgZWRpdGluZ3tcIiBcIn1cbiAgICAgICAgPGNvZGUgY2xhc3NOYW1lPXtzdHlsZXMuY29kZX0+cGFnZXMvaW5kZXguanM8L2NvZGU+XG4gICAgICA8L3A+XG5cbiAgICAgIDxkaXY+XG4gICAgICAgIDxkaXYgY2xhc3NOYW1lPXtzdHlsZXMuY2FyZH0+XG4gICAgICAgICAgPGgzPlNlbmQgYSByZXF1ZXN0IHdpdGggYSB2YWxpZCBDU1JGIHRva2VuPC9oMz5cblxuICAgICAgICAgIDxwPlxuICAgICAgICAgICAgT3BlbiB0aGUgV2ViIENvbnNvbGUgYW5kIGNsaWNrIGluIHRoZSBidXR0b24gYmVsb3cgdG8gc2VlIGhvdyBhXG4gICAgICAgICAgICB2YWxpZCByZXF1ZXN0IHdvcmtzLlxuICAgICAgICAgIDwvcD5cblxuICAgICAgICAgIHsvKjxidXR0b24qL31cbiAgICAgICAgICB7LyogIGlkPVwid2l0aC1jc3JmXCIqL31cbiAgICAgICAgICB7LyogIGNsYXNzTmFtZT17c3R5bGVzLmJ1dHRvbn0qL31cbiAgICAgICAgICB7LyogIG9uQ2xpY2s9e3JlcXVlc3RXaXRoVG9rZW59Ki99XG4gICAgICAgICAgey8qPiovfVxuICAgICAgICAgIHsvKiAgV2l0aCBDU1JGIHRva2VuKi99XG4gICAgICAgICAgey8qPC9idXR0b24+Ki99XG4gICAgICAgIDwvZGl2PlxuXG4gICAgICAgIDxkaXYgY2xhc3NOYW1lPXtzdHlsZXMuY2FyZH0+XG4gICAgICAgICAgPGgzPlNlbmQgYSByZXF1ZXN0IHdpdGhvdXQgdGhlIENTUkYgdG9rZW48L2gzPlxuXG4gICAgICAgICAgPHA+XG4gICAgICAgICAgICBCZWNhdXNlIGFueSByZXF1ZXN0IHdlIHNlbmQgZnJvbSB0aGUgYnJvd3NlciB3aWxsIGhhdmUgYSBjb29raWUgd2l0aFxuICAgICAgICAgICAgdGhlIHRva2VuIGF0dGFjaGVkLCB0cnkgdG8gc2VuZCBhIHJlcXVlc3QgZnJvbSBhIHRlcm1pbmFsIGFuZCBzZWVcbiAgICAgICAgICAgIHdoYXQgaGFwcGVucyB3aXRoIGEgbWlzc2luZyBvciBhbiBpbnZhbGlkIENTUkYgdG9rZW4uXG4gICAgICAgICAgPC9wPlxuXG4gICAgICAgICAgPHByZT5cbiAgICAgICAgICAgIDxjb2RlIGNsYXNzTmFtZT17c3R5bGVzLmNvZGV9PlxuICAgICAgICAgICAgICAkIGN1cmwgLVggUE9TVCBodHRwOi8vbG9jYWxob3N0OjMwMDAvYXBpL3Byb3RlY3RlZFxuICAgICAgICAgICAgPC9jb2RlPlxuICAgICAgICAgIDwvcHJlPlxuXG4gICAgICAgICAgPHByZT5cbiAgICAgICAgICAgIDxjb2RlIGNsYXNzTmFtZT17c3R5bGVzLmNvZGV9PlxuICAgICAgICAgICAgICB7YD4+IHtcIm1lc3NhZ2VcIjogXCJJbnZhbGlkIENTUkYgdG9rZW5cIn1gfVxuICAgICAgICAgICAgPC9jb2RlPlxuICAgICAgICAgIDwvcHJlPlxuICAgICAgICA8L2Rpdj5cbiAgICAgIDwvZGl2PlxuICAgIDwvPlxuICApO1xufVxuIl0sInNvdXJjZVJvb3QiOiIifQ==\n//# sourceURL=webpack-internal:///./pages/index.js\n"); /***/ }), /***/ "./styles/Home.module.css": /*!********************************!*\ !*** ./styles/Home.module.css ***! \********************************/ /*! no static exports found */ /***/ (function(module, exports) { eval("// Exports\nmodule.exports = {\n\t\"container\": \"Home_container__1EcsU\",\n\t\"form\": \"Home_form__1fOyp\",\n\t\"info\": \"Home_info__337F2\",\n\t\"nav\": \"Home_nav__1c1C3\",\n\t\"main\": \"Home_main__1x8gC\",\n\t\"footer\": \"Home_footer__1WdhD\",\n\t\"title\": \"Home_title__3DjR7\",\n\t\"description\": \"Home_description__17Z4F\",\n\t\"code\": \"Home_code__axx2Y\",\n\t\"grid\": \"Home_grid__2Ei2F\",\n\t\"button\": \"Home_button__Xc9mA\",\n\t\"card\": \"Home_card__2SdtB\",\n\t\"logo\": \"Home_logo__1YbrH\"\n};\n//# sourceURL=[module]\n//# sourceMappingURL=data:application/json;charset=utf-8;base64,eyJ2ZXJzaW9uIjozLCJzb3VyY2VzIjpbIndlYnBhY2s6Ly8vLi9zdHlsZXMvSG9tZS5tb2R1bGUuY3NzPzRmYmEiXSwibmFtZXMiOltdLCJtYXBwaW5ncyI6IkFBQUE7QUFDQTtBQUNBO0FBQ0E7QUFDQTtBQUNBO0FBQ0E7QUFDQTtBQUNBO0FBQ0E7QUFDQTtBQUNBO0FBQ0E7QUFDQTtBQUNBO0FBQ0EiLCJmaWxlIjoiLi9zdHlsZXMvSG9tZS5tb2R1bGUuY3NzLmpzIiwic291cmNlc0NvbnRlbnQiOlsiLy8gRXhwb3J0c1xubW9kdWxlLmV4cG9ydHMgPSB7XG5cdFwiY29udGFpbmVyXCI6IFwiSG9tZV9jb250YWluZXJfXzFFY3NVXCIsXG5cdFwiZm9ybVwiOiBcIkhvbWVfZm9ybV9fMWZPeXBcIixcblx0XCJpbmZvXCI6IFwiSG9tZV9pbmZvX18zMzdGMlwiLFxuXHRcIm5hdlwiOiBcIkhvbWVfbmF2X18xYzFDM1wiLFxuXHRcIm1haW5cIjogXCJIb21lX21haW5fXzF4OGdDXCIsXG5cdFwiZm9vdGVyXCI6IFwiSG9tZV9mb290ZXJfXzFXZGhEXCIsXG5cdFwidGl0bGVcIjogXCJIb21lX3RpdGxlX18zRGpSN1wiLFxuXHRcImRlc2NyaXB0aW9uXCI6IFwiSG9tZV9kZXNjcmlwdGlvbl9fMTdaNEZcIixcblx0XCJjb2RlXCI6IFwiSG9tZV9jb2RlX19heHgyWVwiLFxuXHRcImdyaWRcIjogXCJIb21lX2dyaWRfXzJFaTJGXCIsXG5cdFwiYnV0dG9uXCI6IFwiSG9tZV9idXR0b25fX1hjOW1BXCIsXG5cdFwiY2FyZFwiOiBcIkhvbWVfY2FyZF9fMlNkdEJcIixcblx0XCJsb2dvXCI6IFwiSG9tZV9sb2dvX18xWWJySFwiXG59O1xuIl0sInNvdXJjZVJvb3QiOiIifQ==\n//# sourceURL=webpack-internal:///./styles/Home.module.css\n"); /***/ }), /***/ "react": /*!************************!*\ !*** external "react" ***! \************************/ /*! no static exports found */ /***/ (function(module, exports) { eval("module.exports = require(\"react\");//# sourceURL=[module]\n//# sourceMappingURL=data:application/json;charset=utf-8;base64,eyJ2ZXJzaW9uIjozLCJzb3VyY2VzIjpbIndlYnBhY2s6Ly8vZXh0ZXJuYWwgXCJyZWFjdFwiPzU4OGUiXSwibmFtZXMiOltdLCJtYXBwaW5ncyI6IkFBQUEiLCJmaWxlIjoicmVhY3QuanMiLCJzb3VyY2VzQ29udGVudCI6WyJtb2R1bGUuZXhwb3J0cyA9IHJlcXVpcmUoXCJyZWFjdFwiKTsiXSwic291cmNlUm9vdCI6IiJ9\n//# sourceURL=webpack-internal:///react\n"); /***/ }) /******/ });