Documentation
Overview
Package CSRF provides middleware for handling Cross-Site Request Forgery (CSRF) protection in web applications.
Constants
This section is empty.
Variables
This section is empty.
Functions
func Middleware
func Middleware(conf *Config) echo.MiddlewareFunc
Middleware creates the CSRF middleware from the provided config.
Types
type Config
type Config struct {
	// Enabled indicates whether CSRF protection is enabled.
	Enabled bool `json:"enabled" koanf:"enabled" default:"false"`
	// Header specifies the header name to look for the CSRF token.
	Header string `json:"header" koanf:"header" default:"X-CSRF-Token"`
	// Cookie specifies the cookie name used to store the CSRF token.
	Cookie string `json:"cookie" koanf:"cookie" default:"ol.csrf-token"`
	// Secure sets the Secure flag on the CSRF cookie.
	Secure bool `json:"secure" koanf:"secure" default:"true"`
	// SameSite configures the SameSite attribute on the CSRF cookie. Valid
	// values are "Lax", "Strict", "None" and "Default".
	SameSite string `json:"samesite" koanf:"samesite" default:"Lax"`
	// CookieHTTPOnly indicates whether the CSRF cookie is HTTP only.
	CookieHTTPOnly bool `json:"cookiehttponly" koanf:"cookiehttponly" default:"false"`
	// CookieDomain specifies the domain for the CSRF cookie; defaults to no domain.
	CookieDomain string `json:"cookiedomain" koanf:"cookiedomain" default:""`
	// CookiePath specifies the path for the CSRF cookie; defaults to "/".
	CookiePath string `json:"cookiepath" koanf:"cookiepath" default:"/"`
}
Config defines configuration for the CSRF middleware wrapper.
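The following is an added example, not code from this package: it shows how the cookie fields documented above map onto a net/http cookie, and it rejects a SameSite "None" setting that is not paired with Secure. The local Config copy and the helpers defaults, tokenCookie and tokensMatch are hypothetical, and the header-versus-cookie comparison is an assumption about how such a middleware checks the token, since the page does not describe the check.

```go
package main

import (
	"crypto/subtle"
	"fmt"
	"net/http"
)

// Config is a local copy of the documented fields so the example runs offline.
type Config struct {
	Header, Cookie, SameSite, CookieDomain, CookiePath string
	Secure, CookieHTTPOnly                              bool
}

// defaults returns the default values listed in the struct tags above.
func defaults() Config {
	return Config{Header: "X-CSRF-Token", Cookie: "ol.csrf-token", SameSite: "Lax", CookiePath: "/", Secure: true}
}

// tokenCookie (hypothetical helper) builds the cookie the fields describe.
// It accepts only the four documented SameSite spellings.
func tokenCookie(c Config, token string) (*http.Cookie, error) {
	modes := map[string]http.SameSite{"Lax": http.SameSiteLaxMode, "Strict": http.SameSiteStrictMode,
		"None": http.SameSiteNoneMode, "Default": http.SameSiteDefaultMode}
	mode, ok := modes[c.SameSite]
	if !ok {
		return nil, fmt.Errorf("invalid samesite value %q", c.SameSite)
	}
	// Browsers drop SameSite=None cookies that lack Secure, so fail early instead.
	if mode == http.SameSiteNoneMode && !c.Secure {
		return nil, fmt.Errorf("samesite None requires secure=true")
	}
	return &http.Cookie{Name: c.Cookie, Value: token, Domain: c.CookieDomain, Path: c.CookiePath,
		Secure: c.Secure, HttpOnly: c.CookieHTTPOnly, SameSite: mode}, nil
}

// tokensMatch (assumed double-submit check) compares header and cookie in constant time.
func tokensMatch(r *http.Request, c Config) bool {
	ck, err := r.Cookie(c.Cookie)
	if hdr := r.Header.Get(c.Header); err == nil && hdr != "" && ck.Value != "" {
		return subtle.ConstantTimeCompare([]byte(hdr), []byte(ck.Value)) == 1
	}
	return false
}

func main() {
	// Constructed input: SameSite "None" with Secure left false is refused.
	_, err := tokenCookie(Config{Cookie: "ol.csrf-token", SameSite: "None"}, "constructed-token")
	fmt.Println(err)
}
```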