Documentation
¶
Index ¶
- Variables
- func AppendFlowTo(src *url.URL, id uuid.UUID) *url.URL
- func EnsureCSRF(r *http.Request, flowType Type, disableAPIFlowEnforcement bool, ...) error
- func GetFlowID(r *http.Request) (uuid.UUID, error)
- func MethodEnabledAndAllowed(ctx context.Context, expected, actual string, d interface{ ... }) error
- func MethodEnabledAndAllowedFromRequest(r *http.Request, expected string, d interface{ ... }) error
- type Flow
- type MethodConfigurator
- type Type
Constants ¶
This section is empty.
Variables ¶
View Source
var ( ErrStrategyNotResponsible = errors.New("strategy is not responsible for this request") ErrCompletedByStrategy = errors.New("flow response completed by strategy") )
View Source
var ErrCookieHeaderNeedsBrowserFlow = herodot.ErrBadRequest.
WithReasonf(`The HTTP Request Header included the "Cookie" key, indicating that this request was made by a Browser. The flow however was initiated as an API request. To prevent potential misuse and mitigate several attack vectors including CSRF, the request has been blocked. Please consult the documentation.`)
View Source
var ErrOriginHeaderNeedsBrowserFlow = herodot.ErrBadRequest.
WithReasonf(`The HTTP Request Header included the "Origin" key, indicating that this request was made as part of an AJAX request in a Browser. The flow however was initiated as an API request. To prevent potential misuse and mitigate several attack vectors including CSRF, the request has been blocked. Please consult the documentation.`)
Functions ¶
func EnsureCSRF ¶
func MethodEnabledAndAllowed ¶
Types ¶
type MethodConfigurator ¶
type MethodConfigurator interface {
container.NodeGetter
container.ErrorParser
// form.NodeSetter
// form.NodeUnsetter
container.ValueSetter
container.Resetter
container.MessageResetter
container.CSRFSetter
container.FieldSorter
}
swagger:ignore
Source Files
Directories
Click to show internal directories.
Click to hide internal directories.