CSRF Protection

Cross-site request forgery (also known as CSRF or XSRF) is a type of malicious exploit of a website where unauthorized commands are transmitted from a user that the web application trusts. To mitigate this kind of attack you can use the csurf package.

Use with Express (default)

Start by installing the required package:

  $ npm i --save csurf

Warning: As explained on the csurf middleware page, the csurf module requires either session middleware or cookie-parser to be initialized first, because the per-session CSRF secret has to be stored somewhere. Please see that documentation for further instructions.

Once the installation is complete, apply the csurf middleware as global middleware.

  import * as csurf from 'csurf';
  // somewhere in your initialization file
  app.use(csurf());

Use with Fastify

Start by installing the required package:

  $ npm i --save fastify-csrf

Once the installation is complete, register the fastify-csrf plugin, as follows:

  import fastifyCsrf from 'fastify-csrf';
  // somewhere in your initialization file
  app.register(fastifyCsrf);