mirror of https://github.com/gofiber/fiber.git
8c3916dbf4
* feat: improved csrf with session support * fix: double submit cookie * feat: add warning cookie extractor without session * feat: add warning CsrfFromCookie SameSite * fix: use byes.Equal instead * fix: Overriden CookieName KeyLookup cookie:<name> * feat: Create helpers.go * feat: use compareTokens (constant time compare) * feat: validate cookie to prevent token injection * refactor: clean up csrf.go * docs: update comment about Double Submit Cookie * docs: update docs for CSRF changes * feat: add DeleteToken * refactor: no else * test: add more tests * refactor: re-order tests * docs: update safe methods RCF add note * test: add CSRF_Cookie_Injection_Exploit * feat: add SingleUseToken config * test: check for new token * docs: use warning * fix: always register type Token * feat: use UUIDv4 * test: swap in UUIDv4 here too * fix: raw token injection * fix: merege error * feat: Sentinel errors * chore: rename test * fix: url parse * test: add path to referer * test: add expiration tests * docs: add cookie prefix note * docs: fix typo * docs: add warning for refer checks * test: add referer edge cases And call ctx.Request.Reset() and ctx.Response.Reset() before re-using ctx. |
||
|---|---|---|
| .. | ||
| config.go | ||
| csrf.go | ||
| csrf_test.go | ||
| extractors.go | ||
| helpers.go | ||
| session_manager.go | ||
| storage_manager.go | ||
| storage_manager_msgp.go | ||
| token.go | ||