filippo.io/csrf

This package provides protection against Cross-Site Request Forgery (CSRF) attacks using modern browser Fetch metadata headers.

It requires no tokens or cookies, and works with all browsers since 2020.

package main

import (
    "net/http"
    "filippo.io/csrf"
)

func main() {
    mux := http.NewServeMux()
    mux.HandleFunc("/", func(w http.ResponseWriter, r *http.Request) {
        fmt.Fprintf(w, "Hello, world!")
    })

    protection := csrf.New()
    handler := protection.Handler(mux)
    
    http.ListenAndServe(":8080", handler)
}

For full API documentation, including bypass mechanisms, see pkg.go.dev.

For more information on this approach, see the standard library proposal.

github.com/gorilla/csrf compatibility

The filippo.io/csrf/gorilla package provides a drop-in replacement for the github.com/gorilla/csrf package. It implements the same API, but uses the modern Fetch metadata headers instead of tokens and cookies.

Read the full package documentation for full migration details.

 import (
+    csrf "filippo.io/csrf/gorilla"
-    "github.com/gorilla/csrf"
 )

Name		Name	Last commit message	Last commit date
Latest commit History 9 Commits
gorilla		gorilla
LICENSE		LICENSE
README.md		README.md
csrf.go		csrf.go
csrf_test.go		csrf_test.go
go.mod		go.mod

Provide feedback

Saved searches

Use saved searches to filter your results more quickly

Uh oh!

Uh oh!

Repository files navigation

filippo.io/csrf

github.com/gorilla/csrf compatibility

About

Uh oh!

Releases

Sponsor this project

Uh oh!

Uh oh!

Languages

Uh oh!

License

FiloSottile/csrf

Folders and files

Latest commit

History

Repository files navigation

filippo.io/csrf

github.com/gorilla/csrf compatibility

About

Resources

License

Code of conduct

Contributing

Security policy

Uh oh!

Stars

Watchers

Forks

Releases

Sponsor this project

Uh oh!

Uh oh!

Languages