csrf

package
v1.3.3-0...-f31c912
Warning

This package is not in the latest version of its module.

Published: Jan 9, 2024 License: AGPL-3.0 Imports: 5 Imported by: 50

Documentation

Constants

const (
	// CookieName is the name of the CSRF cookie. It's prefixed with "__Host-" as
	// an additional defense in depth measure. It makes sure it is sent from a
	// secure page (HTTPS), won't be sent to subdomains, and the path attribute
	// is set to /.
	CookieName = "__Host-grv_csrf"
	// HeaderName is the default HTTP request header to inspect.
	HeaderName = "X-CSRF-Token"
	// FormFieldName is the default form field to inspect.
	FormFieldName = "csrf_token"
)

Variables

This section is empty.

Functions

func AddCSRFProtection

func AddCSRFProtection(w http.ResponseWriter, r *http.Request) (string, error)

AddCSRFProtection adds a CSRF token to the user session via a secure cookie. It implements the "double submit cookie" approach to check against CSRF attacks: https://www.owasp.org/index.php/Cross-Site_Request_Forgery_%28CSRF%29_Prevention_Cheat_Sheet#Double_Submit_Cookie

func ExtractTokenFromCookie

func ExtractTokenFromCookie(r *http.Request) (string, error)

ExtractTokenFromCookie retrieves a CSRF token from the session cookie.

func GenerateToken

func GenerateToken() (string, error)

GenerateToken generates a random CSRF token.

func VerifyFormField

func VerifyFormField(r *http.Request) error

VerifyFormField checks if HTTP form value matches the cookie.

func VerifyHTTPHeader

func VerifyHTTPHeader(r *http.Request) error

VerifyHTTPHeader checks if HTTP header value matches the cookie.

func VerifyToken

func VerifyToken(token string, r *http.Request) error

VerifyToken validates the given token against the cookie in the HTTP request.
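The double submit cookie check that AddCSRFProtection and VerifyHTTPHeader describe, as an added example that is not this package's own code. The helpers issueToken, verifyHeader and check and the error errCSRF are hypothetical names; the cookie attributes, token length and request URL are assumptions.

```go
package main

import (
	"crypto/rand"
	"crypto/subtle"
	"errors"
	"fmt"
	"net/http"
	"net/http/httptest"
)

// Names are the page's CookieName and HeaderName values; errCSRF is hypothetical.
const cookieName, headerName = "__Host-grv_csrf", "X-CSRF-Token"
var errCSRF = errors.New("csrf: token missing or mismatched")

// issueToken sets a fresh random token as a cookie and returns it for the page to
// echo back. The "__Host-" prefix requires Secure, Path=/ and no Domain attribute.
func issueToken(w http.ResponseWriter) (string, error) {
	b := make([]byte, 32)
	if _, err := rand.Read(b); err != nil {
		return "", err
	}
	token := fmt.Sprintf("%x", b)
	http.SetCookie(w, &http.Cookie{Name: cookieName, Value: token, Path: "/",
		Secure: true, HttpOnly: true, SameSite: http.SameSiteStrictMode})
	return token, nil
}

// verifyHeader rejects an absent or empty cookie, then compares header and cookie in constant time.
func verifyHeader(r *http.Request) error {
	c, err := r.Cookie(cookieName)
	if err != nil || c.Value == "" ||
		subtle.ConstantTimeCompare([]byte(r.Header.Get(headerName)), []byte(c.Value)) != 1 {
		return errCSRF
	}
	return nil
}

// check runs verifyHeader on a constructed POST carrying the given cookie and header values.
func check(cookie, header string) error {
	r := httptest.NewRequest(http.MethodPost, "https://example.test/api", nil)
	r.AddCookie(&http.Cookie{Name: cookieName, Value: cookie})
	r.Header.Set(headerName, header)
	return verifyHeader(r)
}

func main() {
	token, err := issueToken(httptest.NewRecorder())
	fmt.Println(err, check(token, token), check(token, ""), check(token, "guess"))
}
```

The empty-cookie guard matters: without it, a request carrying neither a cookie value nor a header would compare two empty strings and pass.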

Types

This section is empty.
