Documentation ¶
Constants ¶
const (
	// CSRFTokenNotFound defines the error for a Token not found
	CSRFTokenNotFound = "CSRF Token not found"
	// DefaultTokenLookup defines `X-CSRF-TOKEN` as the default token lookup
	DefaultTokenLookup = "X-CSRF-TOKEN"
	// InvalidCSRFToken defines the error for an invalid CSRF token
	InvalidCSRFToken = "Invalid token"
)
Variables ¶
var (
	// DefaultCSRFConfig is the default CSRF middleware config.
	DefaultCSRFConfig = CSRFConfig{
		TokenLength:  32,
		TokenLookup:  "header:" + DefaultTokenLookup,
		ContextKey:   "csrf",
		CookieName:   "_csrf",
		CookieMaxAge: 86400,
	}
)
Functions ¶
func CSRF ¶
CSRF returns a Cross-Site Request Forgery (CSRF) middleware. See: https://en.wikipedia.org/wiki/Cross-site_request_forgery
func CSRFWithConfig ¶
func CSRFWithConfig(config CSRFConfig) func(next http.Handler) http.Handler
CSRFWithConfig returns a CSRF middleware with config. See `CSRF(fasthttp.RequestHandler)`.
Types ¶
type CSRFConfig ¶
type CSRFConfig struct {
	// TokenLength is the length of the generated token.
	// Optional. Default value 32.
	TokenLength uint8 `yaml:"token_length"`

	// TokenLookup is a string in the form of "<source>:<key>" that is used
	// to extract token from the request.
	// Optional. Default value "header:X-CSRF-Token".
	// Possible values:
	// - "header:<name>"
	// - "form:<name>"
	// - "query:<name>"
	TokenLookup string `yaml:"token_lookup"`

	// Context key to store generated CSRF token into context.
	// Optional. Default value "csrf".
	ContextKey string `yaml:"context_key"`

	// Name of the CSRF cookie. This cookie will store CSRF token.
	// Optional. Default value "_csrf".
	CookieName string `yaml:"cookie_name"`

	// Domain of the CSRF cookie.
	// Optional. Default value none.
	CookieDomain string `yaml:"cookie_domain"`

	// Path of the CSRF cookie.
	// Optional. Default value none.
	CookiePath string `yaml:"cookie_path"`

	// Max age (in seconds) of the CSRF cookie.
	// Optional. Default value 86400 (24hr).
	CookieMaxAge int `yaml:"cookie_max_age"`

	// Indicates if CSRF cookie is secure.
	// Optional. Default value false.
	CookieSecure bool `yaml:"cookie_secure"`

	// Indicates if CSRF cookie is HTTP only.
	// Optional. Default value false.
	CookieHTTPOnly bool `yaml:"cookie_http_only"`
}
CSRFConfig defines the config for CSRF middleware
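The TokenLookup format and the cookie described above, worked through as an added example (this is not the package's own code). extractToken and validate are hypothetical helpers, and the double-submit comparison against the cookie value is an assumption about how such a middleware checks the token; the error strings are the ones listed under Constants.

```go
package main

import (
	"crypto/subtle"
	"fmt"
	"net/http"
	"strings"
)

// extractToken (hypothetical helper) resolves a "<source>:<key>" TokenLookup against a request.
func extractToken(r *http.Request, lookup string) (token string, err error) {
	source, key, ok := strings.Cut(lookup, ":")
	switch {
	case !ok || key == "":
		return "", fmt.Errorf("malformed TokenLookup %q", lookup)
	case source == "header":
		token = r.Header.Get(key)
	case source == "form":
		token = r.PostFormValue(key) // request body only, ignores the URL query
	case source == "query":
		token = r.URL.Query().Get(key)
	default:
		return "", fmt.Errorf("unsupported TokenLookup source %q", source)
	}
	if token == "" {
		return "", fmt.Errorf("CSRF Token not found") // the page's CSRFTokenNotFound text
	}
	return token, nil
}

// validate assumes a double-submit check: the token must equal the cookie value (constant-time compare).
func validate(r *http.Request, lookup, cookieName string) error {
	token, err := extractToken(r, lookup)
	if err != nil {
		return err
	}
	c, err := r.Cookie(cookieName)
	if err != nil || subtle.ConstantTimeCompare([]byte(token), []byte(c.Value)) != 1 {
		return fmt.Errorf("Invalid token") // the page's InvalidCSRFToken text
	}
	return nil
}

func main() { // constructed request: cookie and header carry the same sample token
	r, _ := http.NewRequest(http.MethodPost, "/transfer", nil)
	r.AddCookie(&http.Cookie{Name: "_csrf", Value: "sample-token"})
	r.Header.Set("X-CSRF-TOKEN", "sample-token")
	fmt.Println(validate(r, "header:X-CSRF-TOKEN", "_csrf"))
}
```

With "form:<name>" the helper reads only the request body, so a token placed in the URL query string does not satisfy a form lookup.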