Jason McNeil
e17bab7946
Refactor CSRF middleware and enhance documentation ( #3598 )
...
Co-authored-by: RW <rene@gofiber.io>
2025-07-19 20:11:33 +02:00
Juan Calderon-Perez
8c3f81e2b7
v3: Use Named Fields Instead of Positional and Align Structures to Reduce Memory Usage ( #3079 )
...
* Use composites for internal structures. Fix alignment of structures across Fiber
* Update struct alignment in test files
* Enable alignment check with govet
* Fix ctx autoformat unit-test
* Revert app Config struct. Add betteralign to Makefile
* Disable comment on alert since it wont work for forks
* Update benchmark.yml
* Update benchmark.yml
* Remove warning from using positional fields
* Update router.go
2024-07-23 08:37:45 +02:00
René Werner
bb90fc1187
fix lint errors
2023-10-11 15:16:35 +02:00
Jason McNeil
b50d91d58e
Merge pull request from GHSA-94w9-97p3-p368
...
* feat: improved csrf with session support
* fix: double submit cookie
* feat: add warning cookie extractor without session
* feat: add warning CsrfFromCookie SameSite
* fix: use byes.Equal instead
* fix: Overriden CookieName KeyLookup cookie:<name>
* feat: Create helpers.go
* feat: use compareTokens (constant time compare)
* feat: validate cookie to prevent token injection
* refactor: clean up csrf.go
* docs: update comment about Double Submit Cookie
* docs: update docs for CSRF changes
* feat: add DeleteToken
* refactor: no else
* test: add more tests
* refactor: re-order tests
* docs: update safe methods RCF add note
* test: add CSRF_Cookie_Injection_Exploit
* feat: add SingleUseToken config
* test: check for new token
* docs: use warning
* fix: always register type Token
* feat: use UUIDv4
* test: swap in UUIDv4 here too
2023-10-11 14:41:42 +02:00
