Documentation ¶
Index ¶
- Constants
- func AddCSRFProtection(w http.ResponseWriter, r *http.Request) (string, error)
- func ExtractTokenFromCookie(r *http.Request) (string, error)
- func GenerateToken() (string, error)
- func VerifyFormField(r *http.Request) error
- func VerifyHTTPHeader(r *http.Request) error
- func VerifyToken(token string, r *http.Request) error
Constants ¶
const (
	// CookieName is the name of the CSRF cookie. It's prefixed with "__Host-" as
	// an additional defense in depth measure. It makes sure it is sent from a
	// secure page (HTTPS), won't be sent to subdomains, and the path attribute
	// is set to /.
	CookieName = "__Host-grv_csrf"
	// HeaderName is the default HTTP request header to inspect.
	HeaderName = "X-CSRF-Token"
	// FormFieldName is the default form field to inspect.
	FormFieldName = "csrf_token"
)
Variables ¶
This section is empty.
Functions ¶
func AddCSRFProtection ¶
AddCSRFProtection adds a CSRF token to the user session via a secure cookie. It implements the "double submit cookie" approach to protect against CSRF attacks: https://www.owasp.org/index.php/Cross-Site_Request_Forgery_%28CSRF%29_Prevention_Cheat_Sheet#Double_Submit_Cookie
func ExtractTokenFromCookie ¶
ExtractTokenFromCookie retrieves a CSRF token from the session cookie.
func GenerateToken ¶
GenerateToken generates a random CSRF token.
func VerifyFormField ¶
VerifyFormField checks if HTTP form value matches the cookie.
func VerifyHTTPHeader ¶
VerifyHTTPHeader checks if HTTP header value matches the cookie.
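The double submit cookie flow that AddCSRFProtection and VerifyHTTPHeader describe, as an added stand-alone sketch that is not this package's source code. The function names `issueToken` and `verifyHeader`, the 32-byte token length, and the HttpOnly and SameSite attributes are assumptions; only the cookie and header names come from the constants above.

```go
package main

import (
	"crypto/rand"
	"crypto/subtle"
	"encoding/hex"
	"errors"
	"fmt"
	"net/http"
	"net/http/httptest"
)

const cookieName = "__Host-grv_csrf" // same value as CookieName above
const headerName = "X-CSRF-Token"    // same value as HeaderName above

// issueToken sets a random token in a cookie meeting the "__Host-" rules (Secure,
// Path=/, no Domain). Assumed: 32-byte length, HttpOnly, SameSite=Strict.
func issueToken(w http.ResponseWriter) (string, error) {
	b := make([]byte, 32)
	if _, err := rand.Read(b); err != nil {
		return "", err
	}
	token := hex.EncodeToString(b)
	http.SetCookie(w, &http.Cookie{Name: cookieName, Value: token, Path: "/",
		Secure: true, HttpOnly: true, SameSite: http.SameSiteStrictMode})
	return token, nil
}

// verifyHeader accepts the request only if the header repeats the cookie value.
func verifyHeader(r *http.Request) error {
	c, err := r.Cookie(cookieName)
	if err != nil || c.Value == "" { // two empty values must never count as a match
		return errors.New("csrf: missing cookie")
	}
	if subtle.ConstantTimeCompare([]byte(r.Header.Get(headerName)), []byte(c.Value)) != 1 {
		return errors.New("csrf: token mismatch")
	}
	return nil
}

func main() {
	rec := httptest.NewRecorder()
	token, _ := issueToken(rec)
	req := httptest.NewRequest(http.MethodPost, "https://example.test/api", nil) // constructed request
	req.AddCookie(rec.Result().Cookies()[0])
	fmt.Println("no header:  ", verifyHeader(req))
	req.Header.Set(headerName, token)
	fmt.Println("with header:", verifyHeader(req))
}
```

The token returned by `issueToken` is what the server would embed in the rendered page so that same-origin requests can send it back in the header.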
Types ¶
This section is empty.