fiber

mirror of https://github.com/gofiber/fiber.git synced 2025-05-31 11:52:41 +00:00

Author	SHA1	Message	Date
Jason McNeil	fcb853788b	feat(middleware/csrf): Add support for trusted origins (#2910 ) * feat(middleware/csrf): Add support for trusted origins in CSRF middleware * fix(middleware/csrf): lint errors * docs(middleware/csrf): following the ai * fix(middleware/csrf): isSameSchemeAndDomain * fix(middleware/csrf): null origin expand tests to check invalid urls in headers * chore(middleware/csrf): Sentinel Errors test(middleware/csrf): improve coverage * docs: add extra space between sentences. Co-authored-by: coderabbitai[bot] <136622811+coderabbitai[bot]@users.noreply.github.com> * chore(middleware/csrf): remove trailing newline in csrf_test.go --------- Co-authored-by: coderabbitai[bot] <136622811+coderabbitai[bot]@users.noreply.github.com>	2024-03-10 17:35:55 +01:00
RW	389e63d2c2	Update csrf.md fix readme example	2024-02-10 19:51:20 +01:00
nickajacks1	97da409533	🎨 Style!: Update CSRF and Limiter to remove repetitive names (#2846 ) chore!: Update CSRF and Limiter to remove repetitive names The `exported` rule of revive warns to not repeat the package name in method names. For example, prefer `csrf.FromCookie` over `csrf.CsrfFromCookie`. This is a breaking change for v3. It appears that these issues will not be caught by the linter until the `exported` rule is reenabled. This requires comments on all exported symbols, which is a much broader effort.	2024-02-10 19:50:29 +01:00
Muhammed Efe Cetin	1588b6b602	Merge remote-tracking branch 'origin/master'	2024-01-13 18:26:07 +03:00
René Werner	96344abbd8	change golang pkg for docs	2024-01-08 16:42:07 +01:00
nickajacks1	956b66d95f	📚 Doc: Update handler signature for v3 (#2794 ) 📚 Doc: fix handler signature for v3	2024-01-08 16:31:15 +01:00
Jason McNeil	2954e3bbae	♻️ v3: fix!: ContextKey collisions (#2781 ) * fix: ContextKey collisions * fix(logger): lint error * docs(csrf): fix potential range error in example	2024-01-04 09:44:45 +01:00
Jason McNeil	2374cad3cd	📄 docs: improve csrf docs (#2726 ) * docs: improve csrf docs - fix issues with `X-Csrf-Token` capitalization inconsistency. - reduce redundancy and repetition. - improve grammar. * docs: update middleware description * docs: within vs in * docs: deleting tokens * docs: MUST * docs: add colon * docs: all modern browsers * docs: patterns * docs: improve phrasing of pattern options	2023-11-16 12:34:31 +01:00
Jason McNeil	4bf3695125	📄 docs: enhance csrf.md (#2692 ) * docs: enhance csrf.md * docs: simplify language * docs: update csrf.md * docs: delete token/session reminders * docs: and ! or	2023-10-27 13:45:30 +02:00
RW	6f0d34d39e	Update csrf.md	2023-10-16 14:31:28 +02:00
Jason McNeil	8c3916dbf4	Merge pull request from GHSA-94w9-97p3-p368 * feat: improved csrf with session support * fix: double submit cookie * feat: add warning cookie extractor without session * feat: add warning CsrfFromCookie SameSite * fix: use byes.Equal instead * fix: Overriden CookieName KeyLookup cookie:<name> * feat: Create helpers.go * feat: use compareTokens (constant time compare) * feat: validate cookie to prevent token injection * refactor: clean up csrf.go * docs: update comment about Double Submit Cookie * docs: update docs for CSRF changes * feat: add DeleteToken * refactor: no else * test: add more tests * refactor: re-order tests * docs: update safe methods RCF add note * test: add CSRF_Cookie_Injection_Exploit * feat: add SingleUseToken config * test: check for new token * docs: use warning * fix: always register type Token * feat: use UUIDv4 * test: swap in UUIDv4 here too * fix: raw token injection * fix: merege error * feat: Sentinel errors * chore: rename test * fix: url parse * test: add path to referer * test: add expiration tests * docs: add cookie prefix note * docs: fix typo * docs: add warning for refer checks * test: add referer edge cases And call ctx.Request.Reset() and ctx.Response.Reset() before re-using ctx.	2023-10-16 09:06:30 +02:00
Jason McNeil	b50d91d58e	Merge pull request from GHSA-94w9-97p3-p368 * feat: improved csrf with session support * fix: double submit cookie * feat: add warning cookie extractor without session * feat: add warning CsrfFromCookie SameSite * fix: use byes.Equal instead * fix: Overriden CookieName KeyLookup cookie:<name> * feat: Create helpers.go * feat: use compareTokens (constant time compare) * feat: validate cookie to prevent token injection * refactor: clean up csrf.go * docs: update comment about Double Submit Cookie * docs: update docs for CSRF changes * feat: add DeleteToken * refactor: no else * test: add more tests * refactor: re-order tests * docs: update safe methods RCF add note * test: add CSRF_Cookie_Injection_Exploit * feat: add SingleUseToken config * test: check for new token * docs: use warning * fix: always register type Token * feat: use UUIDv4 * test: swap in UUIDv4 here too	2023-10-11 14:41:42 +02:00
René Werner	443804e95d	improved the config section of the middleware readme´s	2023-07-24 17:03:11 +02:00
RW	51ea636b60	improved the config section of the middleware readme´s (#2552 )	2023-07-24 16:46:50 +02:00
cmd777	8b1f9260a3	📚 Docs: Fix typos, and make middleware documentation more consistent (#2408 ) Fix typos, and make docs more consistent This fixes several typos in the ISSUE_TEMPLATES, as well as improve their readability, also makes the documentation markdowns more consistent	2023-04-10 10:48:12 +08:00
René Werner	1f52799686	Refresh middleware documentation	2023-03-24 13:23:52 +01:00
M. Efe Çetin	b3643198f8	📝 docs: automated synchronization with `gofiber/docs` (#2344 ) Automated Synchronization with gofiber/docs repo	2023-02-25 10:29:07 +01:00

17 Commits