mirror of https://github.com/gofiber/fiber.git
8c3916dbf4
* feat: improved csrf with session support * fix: double submit cookie * feat: add warning cookie extractor without session * feat: add warning CsrfFromCookie SameSite * fix: use byes.Equal instead * fix: Overriden CookieName KeyLookup cookie:<name> * feat: Create helpers.go * feat: use compareTokens (constant time compare) * feat: validate cookie to prevent token injection * refactor: clean up csrf.go * docs: update comment about Double Submit Cookie * docs: update docs for CSRF changes * feat: add DeleteToken * refactor: no else * test: add more tests * refactor: re-order tests * docs: update safe methods RCF add note * test: add CSRF_Cookie_Injection_Exploit * feat: add SingleUseToken config * test: check for new token * docs: use warning * fix: always register type Token * feat: use UUIDv4 * test: swap in UUIDv4 here too * fix: raw token injection * fix: merege error * feat: Sentinel errors * chore: rename test * fix: url parse * test: add path to referer * test: add expiration tests * docs: add cookie prefix note * docs: fix typo * docs: add warning for refer checks * test: add referer edge cases And call ctx.Request.Reset() and ctx.Response.Reset() before re-using ctx. |
||
|---|---|---|
| .. | ||
| adaptor | ||
| basicauth | ||
| cache | ||
| compress | ||
| cors | ||
| csrf | ||
| earlydata | ||
| encryptcookie | ||
| envvar | ||
| etag | ||
| expvar | ||
| favicon | ||
| filesystem | ||
| helmet | ||
| idempotency | ||
| keyauth | ||
| limiter | ||
| logger | ||
| monitor | ||
| pprof | ||
| proxy | ||
| recover | ||
| redirect | ||
| requestid | ||
| rewrite | ||
| session | ||
| skip | ||
| timeout | ||