Documentation
Index
- Variables
- func IsSafeHTTPMethod(method string) bool
- func IsSameOrigin(a, b *url.URL) bool
- type AntiCSRF
- func (ac *AntiCSRF) CipherSecret(r *ahttp.Request) []byte
- func (ac *AntiCSRF) ClearCookie(w http.ResponseWriter, r *ahttp.Request)
- func (ac *AntiCSRF) GenerateSecret() []byte
- func (ac *AntiCSRF) IsAuthentic(secret, requestSecret []byte) bool
- func (ac *AntiCSRF) RequestCipherSecret(r *ahttp.Request) []byte
- func (ac *AntiCSRF) SaltCipherSecret(secret []byte) string
- func (ac *AntiCSRF) SetCookie(w http.ResponseWriter, secret []byte) error
Constants
This section is empty.
Variables
var (
	ErrNoReferer        = errors.New("security/anticsrf: no referer")
	ErrMalformedReferer = errors.New("security/anticsrf: malformed referer")
	ErrBadReferer       = errors.New("security/anticsrf: bad referer")
	ErrNoCookieFound    = errors.New("security/anticsrf: no cookie found")
)
Anti-CSRF errors
Functions
func IsSafeHTTPMethod
IsSafeHTTPMethod method returns true if the given method is a safe HTTP method, otherwise false. Safe methods are as defined in https://tools.ietf.org/html/rfc7231#section-4.2.1
func IsSameOrigin
IsSameOrigin method checks whether two URLs have the same origin, i.e. the same scheme, host and port. Returns true if they match, otherwise false.
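The following is an added example, not the package's own code, showing how a same-origin comparison and the safe-method rule combine into a Referer check. The lower-case helper names, the mapping of each error message to a condition, and the default-port handling are assumptions of this sketch.

```go
package main

import (
	"errors"
	"fmt"
	"net/url"
	"strings"
)

var ( // constructed here, reusing the messages listed under Variables
	errNoReferer        = errors.New("security/anticsrf: no referer")
	errMalformedReferer = errors.New("security/anticsrf: malformed referer")
	errBadReferer       = errors.New("security/anticsrf: bad referer")
)

// isSafeMethod reports whether m is a safe method per RFC 7231 section 4.2.1.
func isSafeMethod(m string) bool {
	return m == "GET" || m == "HEAD" || m == "OPTIONS" || m == "TRACE"
}

// sameOrigin compares scheme, host and port exactly; an omitted port means the scheme default (assumption).
func sameOrigin(a, b *url.URL) bool {
	port := func(u *url.URL) string {
		if u.Port() != "" {
			return u.Port()
		}
		return map[string]string{"http": "80", "https": "443"}[u.Scheme]
	}
	return a.Scheme == b.Scheme && port(a) == port(b) && strings.EqualFold(a.Hostname(), b.Hostname())
}

// checkReferer (hypothetical helper) checks Referer on unsafe methods only.
func checkReferer(method, referer string, target *url.URL) error {
	ref, err := url.Parse(referer)
	switch {
	case isSafeMethod(method):
		return nil
	case referer == "":
		return errNoReferer
	case err != nil || ref.Scheme == "" || ref.Host == "":
		return errMalformedReferer
	case !sameOrigin(ref, target):
		return errBadReferer
	}
	return nil
}

func main() {
	fmt.Println(checkReferer("POST", "", &url.URL{Scheme: "https", Host: "app.example.com"}))
}
```

Comparing parsed components rather than string prefixes is what rejects a Referer such as `https://app.example.com.evil.example/`, which a prefix match against `https://app.example.com` would accept.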
Types
type AntiCSRF
type AntiCSRF struct {
	Enabled bool
	// contains filtered or unexported fields
}
AntiCSRF struct holds the implementation of Anti-CSRF (aka XSRF) protection.
func (*AntiCSRF) CipherSecret
CipherSecret method returns the Anti-CSRF secret from the cookie; if none is available, it generates a new secret.
func (*AntiCSRF) ClearCookie
func (ac *AntiCSRF) ClearCookie(w http.ResponseWriter, r *ahttp.Request)
ClearCookie method clears the Anti-CSRF cookie when Anti-CSRF protection is disabled.
func (*AntiCSRF) GenerateSecret
GenerateSecret method generates a new secure secret of the configured length.
func (*AntiCSRF) IsAuthentic
IsAuthentic method compares the given secret and request secret.
func (*AntiCSRF) RequestCipherSecret
RequestCipherSecret method returns the aah request secret (aka anti-csrf token) from the request. The order of secret retrieval is HTTP Header, then Form (Regular and Multipart).
func (*AntiCSRF) SaltCipherSecret
SaltCipherSecret method returns the salted cipher secret.