safe-fetch

A fetch() wrapper that implements Double Submit Cookies CSRF protection. Version 0.2.1 is the current release, last updated in 2015. It automatically adds a CSRF token header (default x-csrf-token) from a cookie (default csrf-token) for same-origin requests. The library sets credentials: 'same-origin' by default and can be configured via global properties. It requires a server that sets the CSRF cookie and expects the header. This package is minimal and unmaintained, with no TypeScript definitions and limited browser support (requires native fetch or polyfill). It is designed for simple CSRF prevention in fetch-based web applications.