Documentation
Overview
Package atreugo_csrf is a CSRF middleware library for atreugo.
Constants

    const (
        DefaultCSRFTokenHeader  = "X-CSRF-TOKEN"
        DefaultCookieName       = "_csrf"
        DefaultFormName         = "_csrf"
        DefaultValidationMethod = "form"
        DefaultContextKey       = "csrf"
    )
Variables

    var (
        // DefaultCSRFConfig is default configuration of atreugo-csrf
        DefaultCSRFConfig = CSRFConfig{
            TokenLength:      32,
            CookieSecure:     true,
            CookieHttpOnly:   true,
            CookieMaxAge:     60 * 60 * 24,
            CookieName:       DefaultCookieName,
            HeaderName:       DefaultCSRFTokenHeader,
            ValidationMethod: DefaultValidationMethod,
            ContextKey:       DefaultContextKey,
            FormName:         DefaultFormName,
            NotDefinedView: func(ctx *atreugo.RequestCtx) error {
                return ctx.TextResponse("CSRF not defined", 400)
            },
            InvalidView: func(ctx *atreugo.RequestCtx) error {
                return ctx.TextResponse("Invalid CSRF token", 403)
            },
        }
    )
Functions
func CSRF
func CSRF(ctx *atreugo.RequestCtx) error
CSRF is the atreugo middleware with the default settings applied. Be sure to register this middleware with `useBefore`.
func CSRFWithConfig
func CSRFWithConfig(config *CSRFConfig) func(ctx *atreugo.RequestCtx) error
CSRFWithConfig returns the atreugo middleware configured with custom settings. Be sure to register this middleware with `useBefore`.
Types
type CSRFConfig

    type CSRFConfig struct {
        // Specifies the length of the token. The default is 32.
        TokenLength uint8
        // Set whether to support only encrypted communication for CSRF cookies.
        // We recommend that you keep this setting enabled in a production environment.
        CookieSecure bool
        // Set the CSRF cookie to HTTP only (not read by JavaScript).
        CookieHttpOnly bool
        // Specifies the cookie name that stores the CSRF token.
        CookieName string
        // Specifies the expiration date of the CSRF token cookie.
        CookieMaxAge uint
        // Specifies the path that the CSRF token cookie can use.
        CookiePath string
        // Specifies the domain in which the CSRF token cookie can be used.
        CookieDomain string
        // Specifies the header name used for validation using HTTP headers.
        HeaderName string
        // Specify the verification method.
        // Specify "form" when validating with a form, and "header" when validating with a header.
        // If in doubt, "form" will be applied.
        ValidationMethod string
        // Specifies the key name to save in context.
        ContextKey string
        // Specifies the name of the form to validate on the form.
        FormName string
        // Specifies a custom view when the CSRF token was not set.
        NotDefinedView atreugo.View
        // Specifies a custom view when CSRF token validation fails.
        InvalidView atreugo.View
    }
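An added example, not part of the package or its documentation: a small Go check that flags CSRFConfig values departing from the defaults and guidance documented above. `Config` is a local mirror of the documented fields and `Audit` is a hypothetical helper; the sample configuration is constructed.

```go
package main

import "fmt"

// Config is a local mirror of the CSRFConfig fields documented above, so the
// example builds without atreugo. The two view fields are left out.
type Config struct {
	TokenLength                      uint8
	CookieSecure, CookieHttpOnly     bool
	CookieName, HeaderName, FormName string
	ValidationMethod                 string
}

// Audit is a hypothetical helper (not part of atreugo_csrf). It returns one
// finding per setting that departs from the documented defaults or guidance.
func Audit(c Config) []string {
	var f []string
	if !c.CookieSecure {
		f = append(f, "CookieSecure=false: token cookie is not limited to encrypted connections")
	}
	if !c.CookieHttpOnly {
		f = append(f, "CookieHttpOnly=false: token cookie is readable by JavaScript")
	}
	if c.TokenLength < 32 {
		f = append(f, fmt.Sprintf("TokenLength=%d: shorter than the default of 32", c.TokenLength))
	}
	switch c.ValidationMethod {
	case "header":
		if c.HeaderName == "" {
			f = append(f, "ValidationMethod=header but HeaderName is empty")
		}
	case "form":
		if c.FormName == "" {
			f = append(f, "ValidationMethod=form but FormName is empty")
		}
	default: // the docs say "form" is applied when the value is in doubt
		f = append(f, fmt.Sprintf("ValidationMethod=%q: not a documented value, \"form\" will be applied", c.ValidationMethod))
	}
	return f
}

func main() {
	// Constructed sample: a config meant for header validation, mis-cased method.
	api := Config{TokenLength: 16, CookieHttpOnly: true, CookieName: "_csrf",
		HeaderName: "X-CSRF-TOKEN", ValidationMethod: "Header", FormName: "_csrf"}
	for _, finding := range Audit(api) {
		fmt.Println(finding)
	}
}
```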