Documentation
Overview
Package xsrf provides Cross Site Request Forgery prevention middleware.
Usage:
- When serving a GET request, put a hidden "xsrf_token" input field with the token value into the form. Use TokenField(...) to generate it.
- Wrap the POST-handling route with the WithTokenCheck(...) middleware.
Functions
func Token
Token generates a new XSRF token bound to the current caller.
The token is a URL-safe base64-encoded string. It lives for 4 hours and may potentially be used multiple times (i.e. the token is stateless).
Put it in a hidden form field under the name "xsrf_token", e.g. <input type="hidden" name="xsrf_token" value="{{.XsrfToken}}">.
Later, WithTokenCheck will grab it from there and verify its validity.
func TokenField
TokenField generates an "<input type="hidden" ...>" field with the token.
It can be put into HTML forms directly. Panics on errors.
func WithTokenCheck
WithTokenCheck is middleware that checks the validity of XSRF tokens.
It searches for the token in the "xsrf_token" POST form field (as generated by TokenField). It aborts the request with HTTP 403 if the XSRF token is missing or invalid.
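The stateless scheme described above (a caller-bound token with a 4-hour lifetime, checked from the "xsrf_token" POST field), as an added example using only the Go standard library; it is not this package's implementation. The names mintToken, validToken and checkPOST, the HMAC-SHA256 construction, the token layout and the caller callback are assumptions made for illustration.

```go
package main

import (
	"crypto/hmac"
	"crypto/sha256"
	"encoding/base64"
	"fmt"
	"net/http"
	"strconv"
	"strings"
	"time"
)

// mac binds an expiry to the caller's identity under a server-side secret.
func mac(secret []byte, caller, exp string) []byte {
	h := hmac.New(sha256.New, secret)
	h.Write([]byte(caller + "\x00" + exp))
	return h.Sum(nil)
}

// mintToken (hypothetical name) returns a stateless, URL-safe base64 token.
func mintToken(secret []byte, caller string, now time.Time) string {
	exp := strconv.FormatInt(now.Add(4*time.Hour).Unix(), 10) // 4-hour lifetime
	return base64.RawURLEncoding.EncodeToString(append([]byte(exp+"."), mac(secret, caller, exp)...))
}

// validToken checks the expiry, then compares the MAC in constant time.
func validToken(secret []byte, caller, tok string, now time.Time) bool {
	raw, err := base64.RawURLEncoding.DecodeString(tok)
	exp, sig, ok := strings.Cut(string(raw), ".")
	ts, perr := strconv.ParseInt(exp, 10, 64)
	if err != nil || !ok || perr != nil || now.Unix() >= ts {
		return false
	}
	return hmac.Equal([]byte(sig), mac(secret, caller, exp))
}

// checkPOST (hypothetical name) answers 403 unless "xsrf_token" is valid for the caller.
func checkPOST(secret []byte, caller func(*http.Request) string, next http.Handler) http.Handler {
	return http.HandlerFunc(func(w http.ResponseWriter, r *http.Request) {
		if !validToken(secret, caller(r), r.PostFormValue("xsrf_token"), time.Now()) {
			http.Error(w, "missing or invalid XSRF token", http.StatusForbidden)
			return
		}
		next.ServeHTTP(w, r)
	})
}

func main() { fmt.Println(mintToken([]byte("constructed-secret"), "user:alice", time.Now())) }
```

Because nothing is stored server-side, a token stays replayable by the same caller until it expires, which is why the binding to the caller's identity carries the security of the check.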