Documentation
Index
- Constants
- Variables
- func MustSet(c context.Context, t *Token)
- func Set(c context.Context, t *Token) error
- type ChangeCsrfHandler
- type Configurer
- type CsrfDeniedHandler
- type Feature
- func (f *Feature) AddCsrfProtectionMatcher(m web.RequestMatcher) *Feature
- func (f *Feature) CsrfDeniedHandler(csrfDeniedHandler security.AccessDeniedHandler) *Feature
- func (f *Feature) Identifier() security.FeatureIdentifier
- func (f *Feature) IgnoreCsrfProtectionMatcher(m web.RequestMatcher) *Feature
- type SessionBackedStore
- type Token
- type TokenStore
Constants
const SessionKeyCsrfToken = "CsrfToken"
Variables
var DefaultIgnoreMatcher = matcher.NoneRequest()
var DefaultProtectionMatcher = matcher.NotRequest(matcher.RequestWithMethods("GET", "HEAD", "TRACE", "OPTIONS"))
var FeatureId = security.FeatureId("csrf", security.FeatureOrderCsrf)
var Module = &bootstrap.Module{
	Name:       "csrf",
	Precedence: security.MinSecurityPrecedence + 20,
	Options: []fx.Option{
		fx.Invoke(register),
	},
}
Functions
Types
type ChangeCsrfHandler
type ChangeCsrfHandler struct {
	// contains filtered or unexported fields
}
func (*ChangeCsrfHandler) HandleAuthenticationSuccess
func (h *ChangeCsrfHandler) HandleAuthenticationSuccess(c context.Context, _ *http.Request, _ http.ResponseWriter, from, to security.Authentication)
type Configurer
type Configurer struct{}
func (*Configurer) Apply
func (sc *Configurer) Apply(feature security.Feature, ws security.WebSecurity) error
type CsrfDeniedHandler
type CsrfDeniedHandler struct {
	// contains filtered or unexported fields
}
func (*CsrfDeniedHandler) HandleAccessDenied
func (h *CsrfDeniedHandler) HandleAccessDenied(c context.Context, r *http.Request, rw http.ResponseWriter, err error)
HandleAccessDenied implements security.AccessDeniedHandler.
func (*CsrfDeniedHandler) Order
func (h *CsrfDeniedHandler) Order() int
Order implements order.Ordered.
type Feature
type Feature struct {
	// contains filtered or unexported fields
}
func Configure
func Configure(ws security.WebSecurity) *Feature
func (*Feature) AddCsrfProtectionMatcher
func (f *Feature) AddCsrfProtectionMatcher(m web.RequestMatcher) *Feature
func (*Feature) CsrfDeniedHandler
func (f *Feature) CsrfDeniedHandler(csrfDeniedHandler security.AccessDeniedHandler) *Feature
func (*Feature) Identifier
func (f *Feature) Identifier() security.FeatureIdentifier
func (*Feature) IgnoreCsrfProtectionMatcher
func (f *Feature) IgnoreCsrfProtectionMatcher(m web.RequestMatcher) *Feature
type SessionBackedStore
type SessionBackedStore struct{}
type Token
type Token struct {
	Value string

	// the HTTP parameter in which the CSRF token can be placed on a request
	ParameterName string

	// the HTTP header in which the CSRF token can be placed on a request instead of the parameter
	HeaderName string
}
Token is a CSRF token with its value and other useful metadata.
The header name and parameter name are part of the token in case some components down the line need them. For example, if the token is used as a hidden variable in a form, the parameter name would be needed.
type TokenStore
type TokenStore interface {
	Generate(c context.Context, parameterName string, headerName string) *Token
	SaveToken(c context.Context, token *Token) error
	LoadToken(c context.Context) (*Token, error)
}
TokenStore is the store for CSRF tokens.
The store is responsible for reading the CSRF token associated with the request. How the CSRF token is associated with the request is at the implementation's discretion. The store is also responsible for writing to the response header if necessary; for example, if the store implementation is based on cookies, the save method would write (save) the token as a cookie header.
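As an added example, not code from this package: a hypothetical session-backed TokenStore that implements the Generate, SaveToken and LoadToken signatures above, keeps the token under SessionKeyCsrfToken, and adds a constant-time check of a value presented via the token's header or parameter. Token, Session, sessionKey and SessionStore are assumed stand-ins defined in the block, and the request's session is assumed to travel in the context.

```go
package main

import (
	"context"
	"crypto/rand"
	"crypto/subtle"
	"encoding/base64"
	"errors"
)

const SessionKeyCsrfToken = "CsrfToken" // the page's session key for the stored token
// Token mirrors the page's Token struct; SessionStore is a hypothetical session-backed
// TokenStore (not the package's SessionBackedStore) that keeps the token in a Session, an
// assumed stand-in for the server-side session the package attaches to each request.
type Token struct{ Value, ParameterName, HeaderName string }
type Session map[string]any
type sessionKey struct{}
type SessionStore struct{}

// Generate returns a fresh 256-bit random token with the names the client may present it under.
func (SessionStore) Generate(_ context.Context, parameterName, headerName string) *Token {
	buf := make([]byte, 32)
	if _, err := rand.Read(buf); err != nil {
		panic(err) // a crypto/rand failure is not recoverable here
	}
	return &Token{base64.RawURLEncoding.EncodeToString(buf), parameterName, headerName}
}

// SaveToken associates the token with the request by storing it in the request's session.
func (SessionStore) SaveToken(c context.Context, t *Token) error {
	if sess, ok := c.Value(sessionKey{}).(Session); ok {
		sess[SessionKeyCsrfToken] = t
		return nil
	}
	return errors.New("no session in context")
}

// LoadToken reads the token back; a missing session or token is an error, never an empty match.
func (SessionStore) LoadToken(c context.Context) (*Token, error) {
	sess, _ := c.Value(sessionKey{}).(Session) // indexing a nil map is safe and yields nothing
	if t, ok := sess[SessionKeyCsrfToken].(*Token); ok {
		return t, nil
	}
	return nil, errors.New("no CSRF token in session")
}

// Matches compares a value read from the HeaderName header or the ParameterName form field
// against the stored token in constant time, so a mismatch leaks nothing about the token.
func (t *Token) Matches(presented string) bool {
	return subtle.ConstantTimeCompare([]byte(presented), []byte(t.Value)) == 1
}
```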