Documentation
Overview
Description: CSRF protection middleware for Go web servers. The CSRF middleware generates and validates tokens to prevent cross-site request forgery attacks. The CSRF token is set in an HTTP-only cookie (to prevent access via JavaScript) and a hidden form field. The middleware checks the token in the form or request headers against the cookie. The CSRF token is generated using 32 random bytes encoded in base64. Access to the token is provided in the context using the key "csrf_token".
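The token generation and cookie-versus-form/header check described above, written against net/http only as an added example; it is not this package's code. The cookie name, the `X-CSRF-Token` header name, the URL-safe base64 alphabet and the SameSite setting are assumptions, and the helper names are hypothetical.

```go
package main

import (
	"crypto/rand"
	"crypto/subtle"
	"encoding/base64"
	"errors"
	"fmt"
	"net/http"
)

var (
	ErrMissingToken = errors.New("missing CSRF token")
	ErrInvalidToken = errors.New("invalid CSRF token")
)

// newToken returns 32 random bytes as base64 (URL-safe alphabet is an assumption).
func newToken() (string, error) {
	b := make([]byte, 32)
	if _, err := rand.Read(b); err != nil {
		return "", err
	}
	return base64.RawURLEncoding.EncodeToString(b), nil
}

// tokenCookie builds the HTTP-only cookie; name and SameSite are assumptions.
func tokenCookie(token string, secure bool) *http.Cookie {
	return &http.Cookie{Name: "csrf_token", Value: token, Path: "/",
		HttpOnly: true, Secure: secure, SameSite: http.SameSiteLaxMode}
}

// verify checks the form field, then the header, against the cookie value.
func verify(r *http.Request) error {
	c, err := r.Cookie("csrf_token")
	sent := r.PostFormValue("csrf_token")
	if sent == "" {
		sent = r.Header.Get("X-CSRF-Token") // assumed header name
	}
	if err != nil || c.Value == "" || sent == "" {
		return ErrMissingToken
	}
	if subtle.ConstantTimeCompare([]byte(sent), []byte(c.Value)) != 1 {
		return ErrInvalidToken
	}
	return nil
}

func main() { fmt.Println(newToken()) }
```

The comparison uses `subtle.ConstantTimeCompare` so that a mismatch does not reveal how many leading bytes of the submitted token were correct.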
Index
Constants
This section is empty.
Variables
var (
	ErrMissingToken = errors.New("missing CSRF token")
	ErrInvalidToken = errors.New("invalid CSRF token")
)
Functions
func New
func New(store sessions.Store, secureCookie bool) rex.Middleware
Middleware sets and verifies CSRF tokens using HTTP-only cookies and forms. Set the CSRF token in the form using {{ .csrf_token }} in the template. If secureCookie is true, the CSRF token is transmitted only in a secure context (HTTPS).
Types
This section is empty.