Documentation ¶
Index ¶
- Constants
- Variables
- func CsrfFromCookie(param string) func(c *fiber.Ctx) (string, error)
- func CsrfFromForm(param string) func(c *fiber.Ctx) (string, error)
- func CsrfFromHeader(param string) func(c *fiber.Ctx) (string, error)
- func CsrfFromParam(param string) func(c *fiber.Ctx) (string, error)
- func CsrfFromQuery(param string) func(c *fiber.Ctx) (string, error)
- func New(config ...Config) fiber.Handler
- type Config
Constants ¶
View Source
const HeaderName = "X-Csrf-Token"
Variables ¶
View Source
var ConfigDefault = Config{ KeyLookup: "header:" + HeaderName, CookieName: "csrf_", CookieSameSite: "Lax", Expiration: 1 * time.Hour, KeyGenerator: utils.UUID, ErrorHandler: defaultErrorHandler, Extractor: CsrfFromHeader(HeaderName), }
ConfigDefault is the default config
Functions ¶
func CsrfFromCookie ¶ added in v2.37.0
csrfFromCookie returns a function that extracts token from the cookie header.
func CsrfFromForm ¶ added in v2.37.0
csrfFromForm returns a function that extracts a token from a multipart-form.
func CsrfFromHeader ¶ added in v2.37.0
csrfFromHeader returns a function that extracts token from the request header.
func CsrfFromParam ¶ added in v2.37.0
csrfFromParam returns a function that extracts token from the url param string.
func CsrfFromQuery ¶ added in v2.37.0
csrfFromQuery returns a function that extracts token from the query string.
Types ¶
type Config ¶
type Config struct { // Next defines a function to skip this middleware when returned true. // // Optional. Default: nil Next func(c *fiber.Ctx) bool // KeyLookup is a string in the form of "<source>:<key>" that is used // to create an Extractor that extracts the token from the request. // Possible values: // - "header:<name>" // - "query:<name>" // - "param:<name>" // - "form:<name>" // - "cookie:<name>" // // Ignored if an Extractor is explicitly set. // // Optional. Default: "header:X-CSRF-Token" KeyLookup string // Name of the session cookie. This cookie will store session key. // Optional. Default value "csrf_". CookieName string // Domain of the CSRF cookie. // Optional. Default value "". CookieDomain string // Path of the CSRF cookie. // Optional. Default value "". CookiePath string // Indicates if CSRF cookie is secure. // Optional. Default value false. CookieSecure bool // Indicates if CSRF cookie is HTTP only. // Optional. Default value false. CookieHTTPOnly bool // Value of SameSite cookie. // Optional. Default value "Lax". CookieSameSite string // Decides whether cookie should last for only the browser sesison. // Ignores Expiration if set to true CookieSessionOnly bool // Expiration is the duration before csrf token will expire // // Optional. Default: 1 * time.Hour Expiration time.Duration // Store is used to store the state of the middleware // // Optional. Default: memory.New() Storage fiber.Storage // Context key to store generated CSRF token into context. // If left empty, token will not be stored in context. // // Optional. Default: "" ContextKey string // KeyGenerator creates a new CSRF token // // Optional. Default: utils.UUID KeyGenerator func() string // Deprecated: Please use Expiration CookieExpires time.Duration // Deprecated: Please use Cookie* related fields Cookie *fiber.Cookie // Deprecated: Please use KeyLookup TokenLookup string // ErrorHandler is executed when an error is returned from fiber.Handler. // // Optional. Default: DefaultErrorHandler ErrorHandler fiber.ErrorHandler // Extractor returns the csrf token // // If set this will be used in place of an Extractor based on KeyLookup. // // Optional. Default will create an Extractor based on KeyLookup. Extractor func(c *fiber.Ctx) (string, error) }
Config defines the config for middleware.
Click to show internal directories.
Click to hide internal directories.