Skip to content

empijei/csrf

BranchesTags
 
 

Folders and files

NameName
Last commit message
Last commit date

Latest commit

 

History

3 Commits
LICENSE
LICENSE
 
 
README.md
README.md
 
 
csrf.go
csrf.go
 
 
csrf_test.go
csrf_test.go
 
 
go.mod
go.mod
 
 

Repository files navigation

filippo.io/csrf

This package provides protection against Cross-Site Request Forgery (CSRF) attacks using modern browser Fetch metadata headers.

It requires no tokens or cookies, and works with all browsers since 2020.

package main

import (
    "net/http"
    "filippo.io/csrf"
)

func main() {
    mux := http.NewServeMux()
    mux.HandleFunc("/", func(w http.ResponseWriter, r *http.Request) {
        fmt.Fprintf(w, "Hello, world!")
    })

    protection := csrf.New()
    handler := protection.Handler(mux)
    
    http.ListenAndServe(":8080", handler)
}

For full API documentation, including bypass mechanisms, see pkg.go.dev.

For more information on this approach, see the standard library proposal.

About

filippo.io/csrf

Resources

Readme

License

View license
Activity

Stars

0 stars

Watchers

0 watching

Forks

0 forks
Report repository

Releases

No releases published

Packages

No packages published

Languages

  • Go 100.0%