BETA-CSRF-MITIGATION-POC

Purpose
Proof-of-concept showing a strict CORS origin allowlist + origin-required check for sensitive endpoints as a CSRF mitigation approach. Intended to prevent CSRF risk in controlled/local demos even if cookie is set with SameSite: "None".

How it works (concise)

Only allows requests from http://localhost:3000 (origin allowlist).
Rejects requests that omit the Origin header (treated as suspicious).
CORS configured with credentials: true so browser sends cookies only when origin matches.
/login sets an HttpOnly cookie; /transfer requires requests to come from the allowed origin.

✅ Intended effect: makes cross-site requests less likely to succeed from unauthorized origins.

Quick start

npm install express cookie-parser cors
node index.js   # or server.js

Name		Name	Last commit message	Last commit date
Latest commit History 5 Commits
README.md		README.md
tiny-express-server.js		tiny-express-server.js

Provide feedback

Saved searches

Use saved searches to filter your results more quickly

Uh oh!

Repository files navigation

BETA-CSRF-MITIGATION-POC

How it works (concise)

Quick start

About

Uh oh!

Releases

Packages

Languages

AmianDevSec/BETA-CSRF-MITIGATION-POC

Folders and files

Latest commit

History

Repository files navigation

BETA-CSRF-MITIGATION-POC

How it works (concise)

Quick start

About

Resources

Uh oh!

Stars

Watchers

Forks

Releases

Packages 0

Languages

Packages