Documentation
Overview
Package xsrfangular provides a safehttp.Interceptor that protects Angular applications against Cross-Site Request Forgery by verifying incoming requests and rejecting those suspected to be part of an attack.
Index
Constants
This section is empty.
Variables
This section is empty.
Functions
This section is empty.
Types
type Interceptor
type Interceptor struct {
	// TokenCookieName is the name of the session cookie that holds the XSRF token.
	TokenCookieName string

	// TokenHeaderName is the name of the HTTP header that holds the XSRF token.
	TokenHeaderName string
}
Interceptor provides protection against Cross-Site Request Forgery attacks for Angular's XHR requests.
See https://docs.angularjs.org/api/ng/service/$http#cross-site-request-forgery-xsrf-protection for more details.
func Default
func Default() *Interceptor
Default creates an Interceptor with TokenCookieName set to XSRF-TOKEN and TokenHeaderName set to X-XSRF-TOKEN, their default values. However, in order to prevent collisions when multiple applications share the same domain or subdomain, each application should set a unique name for the cookie.
See https://docs.angularjs.org/api/ng/service/$http#cross-site-request-forgery-xsrf-protection for more details.
func (*Interceptor) Before
func (it *Interceptor) Before(w safehttp.ResponseWriter, r *safehttp.IncomingRequest, _ safehttp.InterceptorConfig) safehttp.Result
Before checks for the presence of a matching XSRF token, generated on the first page access, in both a cookie and a header. Their names should be set when the Interceptor is created.
func (*Interceptor) Commit
func (it *Interceptor) Commit(w safehttp.ResponseHeadersWriter, r *safehttp.IncomingRequest, resp safehttp.Response, _ safehttp.InterceptorConfig)
Commit generates a cryptographically secure random cookie on the first state-preserving request (GET, HEAD or OPTIONS) and sets it in the response. On every subsequent request the cookie is expected alongside a header that matches its value.
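The cookie-plus-header check that Before and Commit describe, as an added example written against the standard library's net/http. It is not the xsrfangular implementation: DoubleSubmit and Probe are hypothetical names, the requests are constructed, and the token length, the Secure attribute and exempting GET, HEAD and OPTIONS from the check are assumptions.

```go
package main

import (
	"crypto/rand"
	"crypto/subtle"
	"encoding/hex"
	"fmt"
	"net/http"
	"net/http/httptest"
)

// Names follow the defaults documented above; apps sharing a domain should pick unique ones.
const cookieName, headerName = "XSRF-TOKEN", "X-XSRF-TOKEN"

// DoubleSubmit is a hypothetical net/http middleware, not the package's Interceptor.
func DoubleSubmit(next http.Handler) http.Handler {
	return http.HandlerFunc(func(w http.ResponseWriter, r *http.Request) {
		c, err := r.Cookie(cookieName)
		hasTok := err == nil && c.Value != ""
		switch r.Method {
		case http.MethodGet, http.MethodHead, http.MethodOptions:
			if !hasTok { // first state-preserving request: issue a random token
				b := make([]byte, 20) // length is an assumption
				if _, err := rand.Read(b); err != nil {
					panic(err)
				}
				// Not HttpOnly: Angular reads the cookie from script to copy it into the header.
				http.SetCookie(w, &http.Cookie{Name: cookieName, Value: hex.EncodeToString(b), Path: "/", Secure: true})
			}
		default: // state-changing request: cookie and header must both be present and equal
			if !hasTok || subtle.ConstantTimeCompare([]byte(c.Value), []byte(r.Header.Get(headerName))) != 1 {
				http.Error(w, "XSRF token missing or mismatched", http.StatusForbidden)
				return
			}
		}
		next.ServeHTTP(w, r)
	})
}

// Probe sends one constructed request through DoubleSubmit; it returns the status and whether a cookie was issued.
func Probe(method, cookie, header string) (status int, issued bool) {
	r := httptest.NewRequest(method, "https://app.example/api", nil)
	r.AddCookie(&http.Cookie{Name: cookieName, Value: cookie})
	r.Header.Set(headerName, header)
	w := httptest.NewRecorder()
	DoubleSubmit(http.HandlerFunc(func(http.ResponseWriter, *http.Request) {})).ServeHTTP(w, r)
	return w.Code, len(w.Result().Cookies()) == 1
}

func main() { fmt.Println(Probe("POST", "tok", "tok")) }
```

A cross-site form post carries the victim's cookie automatically but cannot set the custom header, which is why the header-less and mismatched cases are the ones that must come back 403.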
func (*Interceptor) Match
func (*Interceptor) Match(safehttp.InterceptorConfig) bool
Match returns false since there are no supported configurations.