csrf

package
v1.3.0 Latest
Warning

This package is not in the latest version of its module.

Published: May 13, 2025 License: MIT Imports: 2 Imported by: 0

Documentation

Overview

Copyright (c) 2024 Eli Janssen
Use of this source code is governed by an MIT-style license that can be found in the LICENSE file.

Inspired by
* https://github.com/golang/go/issues/73626
* https://github.com/tailscale/tailscale/pull/15735

Functions

func Protect

func Protect(
	opts *Options,
) func(next http.Handler) http.Handler

Protect returns middleware that protects routes against CSRF attacks. Requests with a method other than GET, HEAD or OPTIONS must carry the Sec-Fetch-Site header with the value "same-origin" or, if Sec-Fetch-Site is missing, an Origin header matching the hostname in the Host header.

Types

type Options

type Options struct {
	// AllowSecFetchSiteSameSite specifies whether to allow requests with the
	// Sec-Fetch-Site header set to "same-site", indicating that they are
	// cross-origin but that their origin shares the same site (eTLD+1) with
	// that of the request.
	AllowSecFetchSiteSameSite bool
}
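
An added sketch of the check described for Protect and of the AllowSecFetchSiteSameSite option, written for this page and not the package's own code. The names `sameOriginRequest`, `protectSketch` and `status` and the `example.test` hostnames are hypothetical, and rejecting a request that carries neither header is an assumption the documentation above does not settle.

```go
package main

import (
	"fmt"
	"net/http"
	"net/http/httptest"
	"net/url"
)

// sameOriginRequest applies the rule documented for Protect to one request.
func sameOriginRequest(r *http.Request, allowSameSite bool) bool {
	if m := r.Method; m == http.MethodGet || m == http.MethodHead || m == http.MethodOptions {
		return true // safe methods are not checked
	}
	if site := r.Header.Get("Sec-Fetch-Site"); site != "" {
		return site == "same-origin" || (allowSameSite && site == "same-site")
	}
	origin, err := url.Parse(r.Header.Get("Origin")) // fallback: no Sec-Fetch-Site
	if err != nil || origin.Hostname() == "" {
		return false // absent or "null" Origin; rejecting is this sketch's assumption
	}
	return origin.Hostname() == (&url.URL{Host: r.Host}).Hostname() // ports stripped
}

// protectSketch (hypothetical name) has the shape of Protect's return value.
func protectSketch(allowSameSite bool) func(http.Handler) http.Handler {
	return func(next http.Handler) http.Handler {
		return http.HandlerFunc(func(w http.ResponseWriter, r *http.Request) {
			if !sameOriginRequest(r, allowSameSite) {
				http.Error(w, "cross-origin request rejected", http.StatusForbidden)
				return
			}
			next.ServeHTTP(w, r)
		})
	}
}

// status sends one constructed request through the sketch and returns the code.
func status(method string, hdr http.Header, allowSameSite bool) int {
	req := httptest.NewRequest(method, "http://app.example.test/transfer", nil)
	req.Header = hdr
	rec := httptest.NewRecorder()
	ok := http.HandlerFunc(func(http.ResponseWriter, *http.Request) {}) // replies 200
	protectSketch(allowSameSite)(ok).ServeHTTP(rec, req)
	return rec.Code
}

func main() {
	fmt.Println(status("POST", http.Header{"Origin": {"https://other.example.test"}}, false))
}
```

Enabling the same-site option extends trust to every origin under the same registrable domain, so a sibling subdomain that can run script can issue state-changing requests to the protected routes.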
