Documentation
Constants
const (
	// CSRFTokenNotFound defines the error for a Token not found
	CSRFTokenNotFound = "CSRF Token not found"
	// DefaultTokenLookup defines `X-CSRF-TOKEN` as the default token lookup
	DefaultTokenLookup = "X-CSRF-TOKEN"
	// InvalidCSRFToken defines the error for an invalid CSRF token
	InvalidCSRFToken = "Invalid token"
)
Variables
var (
	// DefaultCSRFConfig is the default CSRF middleware config.
	DefaultCSRFConfig = CSRFConfig{
		TokenLength:  32,
		TokenLookup:  "header:" + DefaultTokenLookup,
		ContextKey:   "csrf",
		CookieName:   "_csrf",
		CookieMaxAge: 86400,
	}
)
Functions
func CSRF
CSRF returns a Cross-Site Request Forgery (CSRF) middleware. See: https://en.wikipedia.org/wiki/Cross-site_request_forgery
func CSRFWithConfig
func CSRFWithConfig(config CSRFConfig) func(next http.Handler) http.Handler
CSRFWithConfig returns a CSRF middleware with config. See `CSRF(fasthttp.RequestHandler)`.
Types
type CSRFConfig
type CSRFConfig struct {
	// TokenLength is the length of the generated token.
	// Optional. Default value 32.
	TokenLength uint8 `yaml:"token_length"`
	// TokenLookup is a string in the form of "<source>:<key>" that is used
	// to extract token from the request.
	// Optional. Default value "header:X-CSRF-Token".
	// Possible values:
	// - "header:<name>"
	// - "form:<name>"
	// - "query:<name>"
	TokenLookup string `yaml:"token_lookup"`
	// Context key to store generated CSRF token into context.
	// Optional. Default value "csrf".
	ContextKey string `yaml:"context_key"`
	// Name of the CSRF cookie. This cookie will store CSRF token.
	// Optional. Default value "_csrf".
	CookieName string `yaml:"cookie_name"`
	// Domain of the CSRF cookie.
	// Optional. Default value none.
	CookieDomain string `yaml:"cookie_domain"`
	// Path of the CSRF cookie.
	// Optional. Default value none.
	CookiePath string `yaml:"cookie_path"`
	// Max age (in seconds) of the CSRF cookie.
	// Optional. Default value 86400 (24hr).
	CookieMaxAge int `yaml:"cookie_max_age"`
	// Indicates if CSRF cookie is secure.
	// Optional. Default value false.
	CookieSecure bool `yaml:"cookie_secure"`
	// Indicates if CSRF cookie is HTTP only.
	// Optional. Default value false.
	CookieHTTPOnly bool `yaml:"cookie_http_only"`
}
CSRFConfig defines the config for CSRF middleware
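The TokenLookup format and the cookie name documented above, as an added example that is not this package's own code: a standalone net/http check that resolves a "<source>:<key>" lookup and compares the submitted token with the `_csrf` cookie in constant time. It assumes a double-submit comparison between cookie and request token; `tokenFromRequest` and `checkCSRF` are names made up for the example, and the request in `main` is constructed.

```go
package main

import (
	"crypto/subtle"
	"errors"
	"fmt"
	"net/http"
	"net/http/httptest"
	"strings"
)

// tokenFromRequest (illustrative name) resolves a "<source>:<key>" lookup against r.
func tokenFromRequest(r *http.Request, lookup string) (string, error) {
	source, key, ok := strings.Cut(lookup, ":")
	switch {
	case !ok || key == "":
		return "", fmt.Errorf("malformed TokenLookup %q", lookup)
	case source == "header":
		return r.Header.Get(key), nil
	case source == "form":
		return r.PostFormValue(key), nil
	case source == "query":
		return r.URL.Query().Get(key), nil
	}
	return "", fmt.Errorf("unsupported TokenLookup source %q", source)
}

// checkCSRF (illustrative name) compares the submitted token with the cookie in constant time.
func checkCSRF(r *http.Request, lookup, cookieName string) error {
	sent, err := tokenFromRequest(r, lookup)
	if err != nil {
		return err
	}
	cookie, cerr := r.Cookie(cookieName)
	if cerr != nil || sent == "" {
		return errors.New("CSRF Token not found")
	}
	if subtle.ConstantTimeCompare([]byte(sent), []byte(cookie.Value)) != 1 {
		return errors.New("Invalid token")
	}
	return nil
}

func main() {
	// Constructed request: the cookie and the header carry the same sample token.
	r := httptest.NewRequest(http.MethodPost, "/transfer", nil)
	r.AddCookie(&http.Cookie{Name: "_csrf", Value: "sample-token"})
	r.Header.Set("X-CSRF-TOKEN", "sample-token")
	fmt.Println(checkCSRF(r, "header:X-CSRF-TOKEN", "_csrf"))
}
```

A token sent through the `query:` source ends up in URLs and therefore in access logs and Referer headers, so the `header:` source is the safer choice where clients can set it.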