csrf

package
v1.0.2 Latest
Warning

This package is not in the latest version of its module.

Published: Jun 5, 2026 License: Apache-2.0 Imports: 8 Imported by: 0

Documentation

Overview

Package csrf provides a double-submit-cookie CSRF middleware for VULN-008.

Flow:

  1. Middleware issues a signed token cookie (_csrf) on every request.
  2. For mutating methods (POST/PUT/PATCH/DELETE) it validates the token from the X-CSRF-Token header (HTMX) or the _csrf form field.
  3. TokenFromContext exposes the token to templ components via context.


Constants

This section is empty.

Variables

This section is empty.

Functions

func Middleware

func Middleware(key []byte, secure bool, sessionToken SessionTokenGetter) func(http.Handler) http.Handler

Middleware generates or reuses a signed CSRF token, stores it in a SameSite=Strict cookie and in the request context, and validates it on mutating requests. If sessionToken is provided and returns a non-empty value, the token MAC is additionally bound to that session token.
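The signed, session-bound double-submit check described above, as an added example that is not this package's source code. The `nonce.mac` token layout, the use of HMAC-SHA256, and the helper names `mac`, `issueToken` and `validate` are assumptions made for illustration.

```go
package main

import (
	"crypto/hmac"
	"crypto/rand"
	"crypto/sha256"
	"encoding/base64"
	"fmt"
	"strings"
)

// mac binds the nonce to the session token; session may be empty (unbound token).
func mac(key []byte, nonce, session string) []byte {
	h := hmac.New(sha256.New, key)
	h.Write([]byte(nonce + "\x00" + session)) // nonce is base64url, so NUL is an unambiguous separator
	return h.Sum(nil)
}

// issueToken returns "nonce.mac" (assumed layout, not the package's wire format).
func issueToken(key []byte, session string) (string, error) {
	raw := make([]byte, 32)
	if _, err := rand.Read(raw); err != nil {
		return "", fmt.Errorf("csrf nonce: %w", err)
	}
	nonce := base64.RawURLEncoding.EncodeToString(raw)
	return nonce + "." + base64.RawURLEncoding.EncodeToString(mac(key, nonce, session)), nil
}

// validate is the check for a mutating request: the cookie and the submitted
// header/form value must match, and the MAC must verify for this session.
func validate(key []byte, cookie, submitted, session string) bool {
	if cookie == "" || !hmac.Equal([]byte(cookie), []byte(submitted)) {
		return false
	}
	nonce, sig, ok := strings.Cut(cookie, ".")
	got, err := base64.RawURLEncoding.DecodeString(sig)
	if !ok || err != nil {
		return false
	}
	return hmac.Equal(got, mac(key, nonce, session)) // constant-time comparison
}

func main() {
	key := []byte("constructed-demo-key-32-bytes!!!") // constructed sample key
	tok, _ := issueToken(key, "session-A")
	fmt.Println(validate(key, tok, tok, "session-A")) // same session
	fmt.Println(validate(key, tok, tok, "session-B")) // token carried over to another session
}
```

Because the cookie value is signed, a matching cookie and form value written without the key still fail the MAC check, which plain (unsigned) double-submit does not guarantee.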

func TokenFromContext

func TokenFromContext(ctx context.Context) string

TokenFromContext returns the CSRF token injected by Middleware. Call this from templ components to populate hidden form inputs.

Types

type SessionTokenGetter added in v1.0.1

type SessionTokenGetter func(*http.Request) string
