9 Commits

Author SHA1 Message Date
Jason McNeil
4bf3695125
📄 docs: enhance csrf.md (#2692)
* docs: enhance csrf.md

* docs: simplify language

* docs: update csrf.md

* docs: delete token/session reminders

* docs: and ! or
2023-10-27 13:45:30 +02:00
RW
6f0d34d39e
Update csrf.md
2023-10-16 14:31:28 +02:00
Jason McNeil
8c3916dbf4
Merge pull request from GHSA-94w9-97p3-p368
* feat: improved csrf with session support

* fix: double submit cookie

* feat: add warning cookie extractor without session

* feat: add warning CsrfFromCookie SameSite

* fix: use bytes.Equal instead

* fix: Overridden CookieName KeyLookup cookie:<name>

* feat: Create helpers.go

* feat: use compareTokens (constant time compare)

* feat: validate cookie to prevent token injection

* refactor: clean up csrf.go

* docs: update comment about Double Submit Cookie

* docs: update docs for CSRF changes

* feat: add DeleteToken

* refactor: no else

* test: add more tests

* refactor: re-order tests

* docs: update safe methods RFC add note

* test: add CSRF_Cookie_Injection_Exploit

* feat: add SingleUseToken config

* test: check for new token

* docs: use warning

* fix: always register type Token

* feat: use UUIDv4

* test: swap in UUIDv4 here too

* fix: raw token injection

* fix: merge error

* feat: Sentinel errors

* chore: rename test

* fix: url parse

* test: add path to referer

* test: add expiration tests

* docs: add cookie prefix note

* docs: fix typo

* docs: add warning for referer checks

* test: add referer edge cases

And call ctx.Request.Reset() and
ctx.Response.Reset() before re-using ctx.
2023-10-16 09:06:30 +02:00
Jason McNeil
b50d91d58e
Merge pull request from GHSA-94w9-97p3-p368
* feat: improved csrf with session support

* fix: double submit cookie

* feat: add warning cookie extractor without session

* feat: add warning CsrfFromCookie SameSite

* fix: use bytes.Equal instead

* fix: Overridden CookieName KeyLookup cookie:<name>

* feat: Create helpers.go

* feat: use compareTokens (constant time compare)

* feat: validate cookie to prevent token injection

* refactor: clean up csrf.go

* docs: update comment about Double Submit Cookie

* docs: update docs for CSRF changes

* feat: add DeleteToken

* refactor: no else

* test: add more tests

* refactor: re-order tests

* docs: update safe methods RFC add note

* test: add CSRF_Cookie_Injection_Exploit

* feat: add SingleUseToken config

* test: check for new token

* docs: use warning

* fix: always register type Token

* feat: use UUIDv4

* test: swap in UUIDv4 here too
2023-10-11 14:41:42 +02:00
René Werner
443804e95d
improved the config section of the middleware readmes
2023-07-24 17:03:11 +02:00
RW
51ea636b60
improved the config section of the middleware readmes (#2552)
2023-07-24 16:46:50 +02:00
cmd777
8b1f9260a3
📚 Docs: Fix typos, and make middleware documentation more consistent (#2408)
Fix typos, and make docs more consistent
This fixes several typos in the ISSUE_TEMPLATES, as well as improving
their readability; it also makes the documentation markdowns more
consistent
2023-04-10 10:48:12 +08:00
René Werner
1f52799686
Refresh middleware documentation
2023-03-24 13:23:52 +01:00
M. Efe Çetin
b3643198f8
📝 docs: automated synchronization with gofiber/docs (#2344)
Automated Synchronization with gofiber/docs repo
2023-02-25 10:29:07 +01:00