Menu
I want to use csrf only for a controller not whole of application.
@UsePipes(new CsrfPipe())
import { PipeTransform, Injectable, ArgumentMetadata } from '@nestjs/common';
import * as csrf from 'csurf';
@Injectable()
export default class CsrfPipe implements PipeTransform {
transform(value: any, metadata: ArgumentMetadata) {
if (metadata.type == 'body') {
const csrfProtection = csrf({ cookie: true });
csrfProtection(); // what shall I do here ?
}
return value;
}
}
273
Try this one
export class AppModule implements NestModule {
configure(consumer: MiddlewareConsumer) {
//Apply csrf for specific routes
consumer.apply(csrf({ cookie: true })).forRoutes(
{ path: 'auth/login', method: RequestMethod.POST },
{
path: 'auth/csrf',
method: RequestMethod.GET,
},
);
}
}
answered Feb 02 '26 10:02
If you love us? You can donate to us via Paypal or buy me a coffee so we can maintain and grow! Thank you!
Donate Us With