Documentation
¶
Index ¶
- func ExtractStateSubstring(req *http.Request) string
- func GenerateCookieName(req *http.Request, opts *options.Cookie) string
- func GetCookieDomain(req *http.Request, cookieDomains []string) string
- func MakeCookieFromOptions(req *http.Request, name string, value string, opts *options.Cookie, ...) *http.Cookie
- func ParseSameSite(v string) http.SameSite
- type CSRF
Constants ¶
This section is empty.
Variables ¶
This section is empty.
Functions ¶
func ExtractStateSubstring ¶
ExtractStateSubstring extract the initial state characters, to add it to the CSRF cookie name
func GenerateCookieName ¶
GenerateCookieName in case cookie options state that CSRF cookie has fixed name then set fixed name, otherwise build name based on the state
func GetCookieDomain ¶
GetCookieDomain returns the correct cookie domain given a list of domains by checking the X-Fowarded-Host and host header of an an http request
func MakeCookieFromOptions ¶
func MakeCookieFromOptions(req *http.Request, name string, value string, opts *options.Cookie, expiration time.Duration, now time.Time) *http.Cookie
MakeCookieFromOptions constructs a cookie based on the given *options.CookieOptions, value and creation time
func ParseSameSite ¶
Parse a valid http.SameSite value from a user supplied string for use of making cookies.
Types ¶
type CSRF ¶
type CSRF interface {
HashOAuthState() string
HashOIDCNonce() string
CheckOAuthState(string) bool
CheckOIDCNonce(string) bool
GetCodeVerifier() string
SetSessionNonce(s *sessions.SessionState)
SetCookie(http.ResponseWriter, *http.Request) (*http.Cookie, error)
ClearCookie(http.ResponseWriter, *http.Request)
}
CSRF manages various nonces stored in the CSRF cookie during the initial authentication flows.
func LoadCSRFCookie ¶
LoadCSRFCookie loads a CSRF object from a request's CSRF cookie
Source Files