fixed cookie error in csrf.go

pull/1068/head
amalshaji 2020-12-10 10:45:21 +05:30
parent 9049720218
commit 86f258c4ae
3 changed files with 11 additions and 8 deletions


@ -1,21 +1,25 @@
# CSRF # CSRF
CSRF middleware for [Fiber](https://github.com/gofiber/fiber) that provides [Cross-site request forgery](https://en.wikipedia.org/wiki/Cross-site_request_forgery) protection by passing a csrf token via cookies. This cookie value will be used to compare against the client csrf token in POST requests. When the csrf token is invalid, this middleware will delete the `_csrf` cookie and return the `fiber.ErrForbidden` error. CSRF middleware for [Fiber](https://github.com/gofiber/fiber) that provides [Cross-site request forgery](https://en.wikipedia.org/wiki/Cross-site_request_forgery) protection by passing a csrf token via cookies. This cookie value will be used to compare against the client csrf token in POST requests. When the csrf token is invalid, this middleware will delete the `_csrf` cookie and return the `fiber.ErrForbidden` error.
CSRF Tokens are generated on GET requests. CSRF Tokens are generated on GET requests.
### Table of Contents ### Table of Contents
- [Signatures](#signatures) - [Signatures](#signatures)
- [Examples](#examples) - [Examples](#examples)
- [Config](#config) - [Config](#config)
- [Default Config](#default-config) - [Default Config](#default-config)
### Signatures ### Signatures
```go ```go
func New(config ...Config) fiber.Handler func New(config ...Config) fiber.Handler
``` ```
### Examples ### Examples
Import the middleware package that is part of the Fiber web framework Import the middleware package that is part of the Fiber web framework
```go ```go
import ( import (
"github.com/gofiber/fiber/v2" "github.com/gofiber/fiber/v2"
@ -24,6 +28,7 @@ import (
``` ```
After you initiate your Fiber app, you can use the following possibilities: After you initiate your Fiber app, you can use the following possibilities:
```go ```go
// Initialize default config // Initialize default config
app.Use(csrf.New()) app.Use(csrf.New())
@ -39,6 +44,7 @@ app.Use(csrf.New(csrf.Config{
``` ```
### Config ### Config
```go ```go
// Config defines the config for middleware. // Config defines the config for middleware.
type Config struct { type Config struct {
@ -60,7 +66,7 @@ type Config struct {
KeyLookup string KeyLookup string
// Name of the session cookie. This cookie will store session key. // Name of the session cookie. This cookie will store session key.
// Optional. Default value "_csrf". // Optional. Default value "csrf_".
CookieName string CookieName string
// Domain of the CSRF cookie. // Domain of the CSRF cookie.
@ -79,7 +85,7 @@ type Config struct {
// Optional. Default value false. // Optional. Default value false.
CookieHTTPOnly bool CookieHTTPOnly bool
// Indicates if CSRF cookie is HTTP only. // Indicates if CSRF cookie is requested by SameSite.
// Optional. Default value "Strict". // Optional. Default value "Strict".
CookieSameSite string CookieSameSite string
@ -107,6 +113,7 @@ type Config struct {
``` ```
### Default Config ### Default Config
```go ```go
var ConfigDefault = Config{ var ConfigDefault = Config{
KeyLookup: "header:X-Csrf-Token", KeyLookup: "header:X-Csrf-Token",


@ -28,7 +28,7 @@ type Config struct {
KeyLookup string KeyLookup string
// Name of the session cookie. This cookie will store session key. // Name of the session cookie. This cookie will store session key.
// Optional. Default value "_csrf". // Optional. Default value "csrf_".
CookieName string CookieName string
// Domain of the CSRF cookie. // Domain of the CSRF cookie.
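Review bot: The context line `// Name of the session cookie. This cookie will store session key.` describes a session cookie, but this field names the cookie that carries the CSRF token, so while the line under it is being edited it should read `// Name of the cookie that stores the CSRF token.`. The new default quoted in the comment, "csrf_", is not backed by a visible change to ConfigDefault in this commit (the README hunk at the Default Config section stops before CookieName), so confirm that ConfigDefault.CookieName is really "csrf_" rather than the old "_csrf"; if not, the comment now points users at a cookie name the middleware never sets. The same comment change appears in the README hunk starting at `@ -60,7 +66,7 @@`.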


@ -2,7 +2,6 @@ package csrf
import ( import (
"errors" "errors"
"fmt"
"net/textproto" "net/textproto"
"strings" "strings"
"time" "time"
@ -36,9 +35,6 @@ func New(config ...Config) fiber.Handler {
case "param": case "param":
extractor = csrfFromParam(selectors[1]) extractor = csrfFromParam(selectors[1])
case "cookie": case "cookie":
if selectors[1] == cfg.CookieName {
panic(fmt.Sprintf("KeyLookup key %s can't be the same as CookieName %s", selectors[1], cfg.CookieName))
}
extractor = csrfFromCookie(selectors[1]) extractor = csrfFromCookie(selectors[1])
} }
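Review bot: Dropping the guard in the `case "cookie":` branch silently accepts a KeyLookup that names the same cookie as CookieName, and in that configuration the token the extractor reads is the very cookie value the README on this page says it is compared against, so every request validates and the middleware stops protecting anything. If the panic was removed only to get rid of the `fmt` import, the check can stay without it: `if selectors[1] == cfg.CookieName { panic("csrf: KeyLookup cookie key can't be the same as CookieName " + cfg.CookieName) }` (an `errors.New`-style sentinel is another option, since `errors` is still imported). Rejecting this at construction time is the only point where the misconfiguration is detectable; at request time it looks identical to a valid token. New's body begins and ends outside this hunk.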