Documentation ¶
Index ¶
- Variables
- func AppendFlowTo(src *url.URL, id uuid.UUID) *url.URL
- func EnsureCSRF(reg interface{ ... }, r *http.Request, flowType Type, ...) error
- func GetCSRFToken(reg interface{ ... }, w http.ResponseWriter, r *http.Request, p Type) string
- func GetFlowID(r *http.Request) (uuid.UUID, error)
- func MethodEnabledAndAllowed(ctx context.Context, expected, actual string, d interface{ ... }) error
- func MethodEnabledAndAllowedFromRequest(r *http.Request, expected string, d interface{ ... }) error
- type Flow
- type MethodConfigurator
- type Type
Constants ¶
This section is empty.
Variables ¶
View Source
var ( ErrStrategyNotResponsible = errors.New("strategy is not responsible for this request") ErrCompletedByStrategy = errors.New("flow response completed by strategy") )
View Source
var ErrCookieHeaderNeedsBrowserFlow = herodot.ErrBadRequest.
WithReasonf(`The HTTP Request Header included the "Cookie" key, indicating that this request was made by a Browser. The flow however was initiated as an API request. To prevent potential misuse and mitigate several attack vectors including CSRF, the request has been blocked. Please consult the documentation.`)
View Source
var ErrOriginHeaderNeedsBrowserFlow = herodot.ErrBadRequest.
WithReasonf(`The HTTP Request Header included the "Origin" key, indicating that this request was made as part of an AJAX request in a Browser. The flow however was initiated as an API request. To prevent potential misuse and mitigate several attack vectors including CSRF, the request has been blocked. Please consult the documentation.`)
Functions ¶
func EnsureCSRF ¶
func GetCSRFToken ¶
func GetCSRFToken(reg interface { x.CSRFProvider x.CSRFTokenGeneratorProvider }, w http.ResponseWriter, r *http.Request, p Type) string
func MethodEnabledAndAllowed ¶
Types ¶
type MethodConfigurator ¶
type MethodConfigurator interface { container.NodeGetter container.ErrorParser // form.NodeSetter // form.NodeUnsetter container.ValueSetter container.Resetter container.MessageResetter container.CSRFSetter container.FieldSorter }
swagger:ignore
Click to show internal directories.
Click to hide internal directories.