This SDK documentation is outdated. Please do not refer to it, and instead visit the User Guides section.

1.3.X

"supertokens.middleware"

  • This middleware will verify sessions for all APIs that it is used in, except for:
    • OPTIONS and TRACE methods
    • refresh session API.
  • For refresh session API, it will call the refreshSession function.
  • It will use the getSession function to verify sessions.
  • If using "supertokens.middleware", then it will automatically provide anti-CSRF protection for all POST, PATCH, DELETE, PUT APIs.
  • If using "supertokens.middleware:false", then it will not provide anti CSRF protection for that API.
  • If using "supertokens.middleware:true", then it will provide anti CSRF protection for that API.
setRelevantHeadersForOptionsAPIOverview