The highest tagged major version is
README
¶
CSRF Prevention Filter
This package provides middleware for CSRF security prevention (Cross-Site Request Forgery).
Configuration
By default, there are three parameters supported by module:
- "all" - defines if all POST forms should be CSRF secured (default is false)
- "secret" - defines key for AES encryption (16, 24 or 32 bytes for AES-128, AES-192 or AES-256)
- "ttl" - defines max time (in seconds) validation for some token (default is 15 minutes)
csrf:
all: false
secret: "somethingSuperSecret"
ttl: 900
Specific form
In case when it's not required to secure all forms, it's possible just to put middleware just for particular handler. In that case, only POST request for that handler will be secured.
type (
routes struct {
someController *controller.SomeController
csrfMiddleware *interfaces.CsrfMiddleware
}
)
func (r *routes) Routes(registry *router.Registry) {
registry.HandlePost("some.handler", r.csrfMiddleware.Secured(r.someController.Handler))
}
Template
To add hidden input token into template, use template function:
!= csrfInput()
To add just token into template, use template function:
input(type="hidden" name="csrftoken" value=csrfToken())
Documentation
¶
Source Files
Directories
Click to show internal directories.
Click to hide internal directories.