Svelte Themes Logo Svelte Themes
Edge Csrf screenshot

Edge Csrf

Author Avatar Theme by Amorey
Updated: 8 May 2025
174 Stars

CSRF protection library for JavaScript that runs on the edge runtime (with Next.js, SvelteKit, Express, Node-HTTP integrations)

Github

Categories

Nextjs Vite

Overview:

Edge-CSRF is a CSRF protection library for JavaScript designed to run on both node and edge runtimes. It offers integrations for popular frameworks like Next.js and SvelteKit, as well as a flexible low-level API for custom implementations. This library simplifies CSRF protection by implementing the signed double submit cookie pattern.

Features:

  • Runs on both node and edge runtimes
  • Includes integrations for Next.js and SvelteKit
  • Provides a low-level API for custom integrations
  • Supports various HTTP request body types (form-urlencoded, multipart/form-data, json-encoded)
  • Retrieves tokens from HTTP request headers or request bodies
  • Supports Server Actions via form and non-form submission
  • Offers customizable cookie and other options

Installation:

Quickstart (Next.js):

  1. Install Edge-CSRF’s Next.js integration library:
    npm install edge-csrf-next
  2. Create a middleware file middleware.ts and add the Edge-CSRF middleware.
  3. Use CSRF tokens in your forms by fetching them from the X-CSRF-Token HTTP response header.

Quickstart (SvelteKit):

  1. Install Edge-CSRF’s SvelteKit integration library:
    npm install edge-csrf-svelte
  2. Create a server-side hooks file hooks.server.ts and add the Edge-CSRF handle.
  3. Fetch CSRF tokens from the event’s locals data object to add them to your forms.

Development:

  • Clone the repository and install dependencies:
    git clone [repository-url]
npm install
  • Run unit tests using jest for testing:
    npm test-all
  • Build Edge-CSRF for production:
    npm run build
    The build artifacts will be in the dist/ directory of each package.

Summary:

Edge-CSRF is a versatile CSRF protection library that offers integrations for Next.js and SvelteKit, along with a customizable low-level API for developers needing more flexibility in their implementations. By supporting different HTTP request body types and providing options for token retrieval, this library simplifies CSRF protection for both node environments and edge functions. Developers can easily enhance the security of their web applications by implementing Edge-CSRF.