Skip to content

Commit

Permalink
docs: fix 404 link for fastify-cookie and change http link to https (#…
Browse files Browse the repository at this point in the history 
…151)

Signed-off-by: David Ralph <[email protected]>
  • Loading branch information
@davidcralph
davidcralph authored Jan 11, 2024
1 parent 1010b8a commit d90cc3e
Showing 1 changed file with 2 additions and 2 deletions.
4 changes: 2 additions & 2 deletions README.md
View file
Original file line number Diff line number Diff line change
Expand Up @@ -28,7 +28,7 @@ npm i @fastify/csrf-protection
## Usage


### Use with [`@fastify/cookie`](https://github.com/fastify/@fastify/cookie)
### Use with [`@fastify/cookie`](https://github.com/fastify/fastify-cookie)

If you use `@fastify/csrf-protection` with `@fastify/cookie`, the CSRF secret will be added to the response cookies.
By default, the cookie used will be named `_csrf`, but you can rename it via the `cookieKey` option.
Expand Down Expand Up @@ -130,7 +130,7 @@ The `secret` shown in the code above is strictly just an example. In all cases,
- Stored in some external services like KMS, Vault or something similar
- Read at run-time and supplied to this option
- Of significant character length to provide adequate entropy
- Truly random sequence of characters (You could use [crypto-random-string](http://npm.im/crypto-random-string))
- Truly random sequence of characters (You could use [crypto-random-string](https://npm.im/crypto-random-string))

Apart from these safeguards, it is extremely important to [use HTTPS for your website/app](https://letsencrypt.org/) to avoid a bunch of other potential security issues like [MITM attacks](https://en.wikipedia.org/wiki/Man-in-the-middle_attack) etc.

Expand Down

0 comments on commit d90cc3e

Please sign in to comment.