xsrfangular

package
v0.0.0-...-f115076 Latest
Warning

This package is not in the latest version of its module.
Published: Apr 20, 2024 License: Apache-2.0 Imports: 6 Imported by: 0

Documentation

Overview

Package xsrfangular provides a safehttp.Interceptor that ensures Cross-Site Request Forgery protection for Angular applications by verifying incoming requests and rejecting those suspected to be part of an attack.

Types

type Interceptor

type Interceptor struct {
	// TokenCookieName is the name of the session cookie that holds the XSRF token.
	TokenCookieName string
	// TokenHeaderName is the name of the HTTP header that holds the XSRF token.
	TokenHeaderName string
}

Interceptor provides protection against Cross-Site Request Forgery attacks for Angular's XHR requests.

See https://docs.angularjs.org/api/ng/service/$http#cross-site-request-forgery-xsrf-protection for more details.

func Default

func Default() *Interceptor

Default creates an Interceptor with TokenCookieName set to XSRF-TOKEN and TokenHeaderName set to X-XSRF-TOKEN, their default values. However, in order to prevent collisions when multiple applications share the same domain or subdomain, each application should set a unique name for the cookie.

See https://docs.angularjs.org/api/ng/service/$http#cross-site-request-forgery-xsrf-protection for more details.

func (*Interceptor) Before

Before checks for the presence of a matching XSRF token, generated on the first page access, in both a cookie and a header. Their names should be set when the Interceptor is created.

func (*Interceptor) Commit

Commit generates a cryptographically secure random cookie on the first state-preserving request (GET, HEAD or OPTIONS) and sets it in the response. On every subsequent request, the cookie is expected alongside a header that matches its value.
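
The cookie-and-header check that Before and Commit describe, sketched as plain net/http middleware. This is an added example, not the package's own code: the name protect, the 32-byte token size, the 403 status and the choice to let GET, HEAD and OPTIONS through unchecked are assumptions.

```go
package main

import (
	"crypto/rand"
	"crypto/subtle"
	"encoding/base64"
	"fmt"
	"net/http"
	"net/http/httptest"
)

// Defaults documented for Default(); each application should pick unique names.
const cookieName, headerName = "XSRF-TOKEN", "X-XSRF-TOKEN"

// protect is a hypothetical net/http middleware, not the safehttp Interceptor.
// Assumption: GET, HEAD and OPTIONS pass unchecked; other methods need a match.
func protect(next http.Handler) http.Handler {
	return http.HandlerFunc(func(w http.ResponseWriter, r *http.Request) {
		c, err := r.Cookie(cookieName)
		switch r.Method {
		case http.MethodGet, http.MethodHead, http.MethodOptions:
			if err != nil { // first access: issue a random token
				buf := make([]byte, 32)
				if _, err := rand.Read(buf); err != nil {
					http.Error(w, "token generation failed", http.StatusInternalServerError)
					return
				}
				// Not HttpOnly: Angular must read the cookie to echo it in the header.
				http.SetCookie(w, &http.Cookie{Name: cookieName, Path: "/", Secure: true,
					Value: base64.RawURLEncoding.EncodeToString(buf)})
			}
		default: // state-changing: cookie and header must both be present and equal
			h := r.Header.Get(headerName)
			if err != nil || c.Value == "" || subtle.ConstantTimeCompare([]byte(c.Value), []byte(h)) != 1 {
				http.Error(w, "XSRF token mismatch", http.StatusForbidden)
				return
			}
		}
		next.ServeHTTP(w, r)
	})
}

// main sends one constructed POST that carries neither cookie nor header.
func main() {
	r := httptest.NewRequest("POST", "https://app.example/api", nil)
	w := httptest.NewRecorder()
	protect(http.HandlerFunc(func(http.ResponseWriter, *http.Request) {})).ServeHTTP(w, r)
	fmt.Println("POST without token:", w.Code)
}
```

A cross-site page can make the browser attach the cookie to a forged request but cannot read its value, so it cannot supply the matching header.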

func (*Interceptor) Match

Match returns false since there are no supported configurations.