csrf

v0.0.0-...-18b81b8

This package is not in the latest version of its module.

Published: Oct 27, 2023 License: MIT Imports: 10 Imported by: 0

README

CSRF

HTTP CSRF is a port of echo's CSRF middleware for Go's standard net/http package.

Documentation

Constants

const (
	// CSRFTokenNotFound defines the error for a Token not found
	CSRFTokenNotFound = "CSRF Token not found"

	// DefaultTokenLookup defines `X-CSRF-TOKEN` as the default token lookup
	DefaultTokenLookup = "X-CSRF-TOKEN"

	// InvalidCSRFToken defines the error for an invalid CSRF token
	InvalidCSRFToken = "Invalid token"
)

Variables

var (
	// DefaultCSRFConfig is the default CSRF middleware config.
	DefaultCSRFConfig = CSRFConfig{
		TokenLength:  32,
		TokenLookup:  "header:" + DefaultTokenLookup,
		ContextKey:   "csrf",
		CookieName:   "_csrf",
		CookieMaxAge: 86400,
	}
)

Functions

func CSRF

func CSRF(next http.Handler) http.Handler

CSRF returns a Cross-Site Request Forgery (CSRF) middleware. See: https://en.wikipedia.org/wiki/Cross-site_request_forgery

func CSRFWithConfig

func CSRFWithConfig(config CSRFConfig) func(next http.Handler) http.Handler

CSRFWithConfig returns a CSRF middleware with config. See `CSRF(http.Handler)`.

Types

type CSRFConfig

type CSRFConfig struct {
	// TokenLength is the length of the generated token.
	// Optional. Default value 32.
	TokenLength uint8 `yaml:"token_length"`

	// TokenLookup is a string in the form of "<source>:<key>" that is used
	// to extract token from the request.
	// Optional. Default value "header:X-CSRF-TOKEN".
	// Possible values:
	// - "header:<name>"
	// - "form:<name>"
	// - "query:<name>"
	TokenLookup string `yaml:"token_lookup"`

	// Context key to store generated CSRF token into context.
	// Optional. Default value "csrf".
	ContextKey string `yaml:"context_key"`

	// Name of the CSRF cookie. This cookie will store CSRF token.
	// Optional. Default value "_csrf".
	CookieName string `yaml:"cookie_name"`

	// Domain of the CSRF cookie.
	// Optional. Default value none.
	CookieDomain string `yaml:"cookie_domain"`

	// Path of the CSRF cookie.
	// Optional. Default value none.
	CookiePath string `yaml:"cookie_path"`

	// Max age (in seconds) of the CSRF cookie.
	// Optional. Default value 86400 (24hr).
	CookieMaxAge int `yaml:"cookie_max_age"`

	// Indicates if CSRF cookie is secure.
	// Optional. Default value false.
	CookieSecure bool `yaml:"cookie_secure"`

	// Indicates if CSRF cookie is HTTP only.
	// Optional. Default value false.
	CookieHTTPOnly bool `yaml:"cookie_http_only"`
}

CSRFConfig defines the config for CSRF middleware
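
An added illustration (not this package's source) of how a TokenLookup value such as "header:X-CSRF-TOKEN" can be resolved and checked against the "_csrf" cookie. It assumes the double-submit comparison used by echo's middleware, which this package ports; lookupToken, checkCSRF and sampleRequest are hypothetical names, and the request values are constructed.

```go
package main

import (
	"crypto/subtle"
	"errors"
	"fmt"
	"net/http"
	"net/http/httptest"
	"strings"
)

// lookupToken resolves a "<source>:<key>" TokenLookup value (hypothetical helper).
func lookupToken(r *http.Request, lookup string) string {
	source, key, _ := strings.Cut(lookup, ":")
	switch source {
	case "header":
		return r.Header.Get(key)
	case "form":
		return r.PostFormValue(key) // request body only, never the URL query
	case "query":
		return r.URL.Query().Get(key)
	}
	return "" // unknown source yields no token, so the check fails closed
}

// checkCSRF applies the assumed double-submit rule: request token == cookie value.
func checkCSRF(r *http.Request, lookup, cookieName string) error {
	c, err := r.Cookie(cookieName)
	tok := lookupToken(r, lookup)
	if err != nil || c.Value == "" || tok == "" {
		return errors.New("CSRF Token not found")
	}
	if subtle.ConstantTimeCompare([]byte(tok), []byte(c.Value)) != 1 {
		return errors.New("Invalid token") // constant-time compare, no timing leak
	}
	return nil
}

// sampleRequest builds a constructed POST with a "_csrf" cookie and header token.
func sampleRequest(target, cookieTok, headerTok string) *http.Request {
	r := httptest.NewRequest(http.MethodPost, target, nil)
	r.AddCookie(&http.Cookie{Name: "_csrf", Value: cookieTok})
	r.Header.Set("X-CSRF-TOKEN", headerTok)
	return r
}

func main() {
	r := sampleRequest("/transfer", "tok-A", "tok-B") // constructed mismatch
	fmt.Println(checkCSRF(r, "header:X-CSRF-TOKEN", "_csrf")) // Invalid token
}
```

The two error strings match the CSRFTokenNotFound and InvalidCSRFToken constants above. With the default config, CookieSecure and CookieHTTPOnly are both false, so set them explicitly when the site is served over HTTPS.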
