Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

CSRF Tokens #23

Open
JeremyRubin opened this issue Aug 15, 2017 · 0 comments
Open

CSRF Tokens #23

JeremyRubin opened this issue Aug 15, 2017 · 0 comments
Labels
feature help wanted proposal

Comments

@JeremyRubin
Copy link

One thing which would be useful to add would be an ability to generate some kind of deterministic CSRF cookie.

Proper CSRF is a bit of a PITA, but it would make using gotham for real projects much easier, so it's probably worth having a default solution available.

I think a fairly clean solution would be to add:

trait CSRFProvider {
    fn get_csrf(&self, session) -> CSRFToken;
}
struct DefaultCSRFProvider;

And then pass around a Box<CSRFProvider>. This way a user can customize their CSRFProvider to use a token database or whatever if they don't like the default stateless implementation.

It would also be cool if you could make decoding with CSRF protection a derivable property :)
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Assignees
No one assigned
Labels
feature help wanted proposal
Projects
None yet
Milestone
No milestone
Development

No branches or pull requests
3 participants
@bradleybeddoes @JeremyRubin @msrd0