Skip to content
No description, website, or topics provided.
Branch: master
Clone or download
Fetching latest commit…
Cannot retrieve the latest commit at this time.
Permalink
Type Name Latest commit message Commit time
Failed to load latest commit information.
application
interfaces
.travis.yml
Readme.md
go.mod
go.sum
module.go

Readme.md

CSRF Prevention Filter

This package provides middleware for CSRF security prevention (Cross-Site Request Forgery).

Configuration

By default, there are three parameters supported by module:

  • "all" - defines if all POST forms should be CSRF secured (default is false)
  • "secret" - defines key for AES encryption (16, 24 or 32 bytes for AES-128, AES-192 or AES-256)
  • "ttl" - defines max time (in seconds) validation for some token (default is 15 minutes)
csrf:
  all: false
  secret: "somethingSuperSecret"
  ttl: 900

Specific form

In case when it's not required to secure all forms, it's possible just to put middleware just for particular handler. In that case, only POST request for that handler will be secured.

type (
  routes struct {
    someController  *controller.SomeController
    csrfMiddleware  *interfaces.CsrfMiddleware
  }
)

func (r *routes) Routes(registry *router.Registry) {
  registry.HandlePost("some.handler", r.csrfMiddleware.Secured(r.someController.Handler))
}

Template

To add hidden input token into template, use template function:

!= csrfInput()

To add just token into template, use template function:

input(type="hidden" name="csrftoken" value=csrfToken())
You can’t perform that action at this time.