In Ruby one can do something like <%= form_tag(:action => '/submit') do %> ... <% end %>
to get a form including CSRF tokens.
Is there an existing function in Node, and how is it implemented?
You can use the caolan-forms plugin for node.js. After that, install the express-csrf plugin.
Then you can merge these two, something like:
// initializing express (createServer and dynamicHelpers are Express 2.x APIs)
var express = require('express'),
    // initializing express-csrf
    csrf = require('express-csrf'),
    app = express.createServer();

// expose the CSRF token to views as a dynamic helper
app.dynamicHelpers({
  csrf: csrf.token
});

var forms = require('forms'),
    fields = forms.fields,
    validators = forms.validators;

var reg_form = forms.create({
  username: fields.string({required: true, id: csrf, name: csrf})
});

// finally render the form
reg_form.toHTML();
It would produce:
<div class="field required">
  <label for="id_username">Username</label>
  <input type="text" name="[csrf-value]" id="[csrf-value]" value="test" />
</div>
Note: The caolan-forms author wrote:
You'll notice you have to provide your own form tags and submit button, it's more flexible this way ;)
Since express-csrf is deprecated, use the connect bundle instead and follow this simple example. Eventually, you would be able to integrate it with caolan-forms like:
// build the form inside a request handler, where req is in scope
var reg_form = forms.create({
  '_csrf': fields.hidden({value: req.session._csrf}),
  ...
});
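
What the hidden _csrf field and the matching server-side check amount to, as an added example that is not part of the original answer and is not Connect's or caolan-forms' code. It uses only Node's built-in crypto module; the function names (issueToken, csrfField, verifyToken) and the plain-object session are assumptions for illustration:

```javascript
// Added example: synchronizer-token CSRF check with Node's crypto module only.
// Function names and the session shape are assumptions, not a library's API.
const crypto = require('crypto');

// Create the per-session token once and reuse it for every form in the session.
function issueToken(session) {
  if (!session._csrf) {
    session._csrf = crypto.randomBytes(32).toString('hex');
  }
  return session._csrf;
}

// Escape a value for use inside a double-quoted HTML attribute.
function escapeAttr(value) {
  return String(value)
    .replace(/&/g, '&amp;')
    .replace(/"/g, '&quot;')
    .replace(/</g, '&lt;')
    .replace(/>/g, '&gt;');
}

// Render the hidden input that goes inside your own <form> tags.
function csrfField(session) {
  return '<input type="hidden" name="_csrf" value="' +
    escapeAttr(issueToken(session)) + '" />';
}

// Check a parsed POST body against the token stored in the session.
function verifyToken(session, body) {
  const expected = session && session._csrf;
  const supplied = body && body._csrf;
  if (typeof expected !== 'string' || typeof supplied !== 'string') {
    return false; // no token issued, or field missing / not a plain string
  }
  const a = Buffer.from(expected);
  const b = Buffer.from(supplied);
  // timingSafeEqual throws on a length mismatch, so compare lengths first.
  return a.length === b.length && crypto.timingSafeEqual(a, b);
}

// Constructed sample: one session, one legitimate post, one post without a token.
const session = {};
const html = csrfField(session);
const good = verifyToken(session, { username: 'test', _csrf: session._csrf });
const forged = verifyToken(session, { username: 'test' });
console.log(html, good, forged);
```

The token is carried as the value of a fixed field name (_csrf) and compared against the copy held in the server-side session, so a request that cannot read the session's token fails the check.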