Struct CSRFConfig

github.com/labstack/echo, middleware/csrf.go:26–98

CSRFConfig defines the config for CSRF middleware.


```go
// CSRFConfig defines the config for CSRF middleware.
type CSRFConfig struct {
	// Skipper defines a function to skip middleware.
	Skipper Skipper
	// TrustedOrigins permits any request with `Sec-Fetch-Site` header whose `Origin` header
	// exactly matches a configured origin.
	// Values should be formatted as Origin header "scheme://host[:port]".
	//
	// See [Origin]: https://developer.mozilla.org/en-US/docs/Web/HTTP/Headers/Origin
	// See [Sec-Fetch-Site]: https://cheatsheetseries.owasp.org/cheatsheets/Cross-Site_Request_Forgery_Prevention_Cheat_Sheet.html#fetch-metadata-headers
	TrustedOrigins []string

	// AllowSecFetchSiteFunc allows custom behaviour for `Sec-Fetch-Site` requests that are about to
	// fail with CSRF error, to be allowed or replaced with custom error.
	// This function applies to `Sec-Fetch-Site` values:
	// - `same-site` same registrable domain (subdomain and/or different port)
	// - `cross-site` request originates from different site
	// See [Sec-Fetch-Site]: https://cheatsheetseries.owasp.org/cheatsheets/Cross-Site_Request_Forgery_Prevention_Cheat_Sheet.html#fetch-metadata-headers
	AllowSecFetchSiteFunc func(c *echo.Context) (bool, error)

	// TokenLength is the length of the generated token.
	// Optional. Default value 32.
	TokenLength uint8

	// TokenLookup is a string in the form of "<source>:<name>" or "<source>:<name>,<source>:<name>" that is used
	// to extract token from the request.
	// Optional. Default value "header:X-CSRF-Token".
	// Possible values:
	// - "header:<name>" or "header:<name>:<cut-prefix>"
	// - "query:<name>"
	// - "form:<name>"
	// Multiple sources example:
	// - "header:X-CSRF-Token,query:csrf"
	TokenLookup string `yaml:"token_lookup"`

	// Generator defines a function to generate token.
	// Optional. Defaults to randomString(TokenLength).
	Generator func() string

	// Context key to store generated CSRF token into context.
	// Optional. Default value "csrf".
	ContextKey string

	// Name of the CSRF cookie. This cookie will store CSRF token.
	// Optional. Default value "csrf".
	CookieName string

	// Domain of the CSRF cookie.
	// Optional. Default value none.
	CookieDomain string

	// Path of the CSRF cookie.
	// Optional. Default value none.
	CookiePath string

	// Max age (in seconds) of the CSRF cookie.
	// Optional. Default value 86400 (24hr).
	CookieMaxAge int

	// The remaining fields (middleware/csrf.go lines 83–98) are not included in this listing.
}
```
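The `TokenLookup` grammar from the doc comment above, worked through as an added example that is not echo's own code: a stdlib-only parser for `"<source>:<name>[:<cut-prefix>]"` entries and an extractor that tries the listed sources in order. The names `lookup`, `parseTokenLookup` and `extractToken` are assumptions for this illustration, as is the simplification that the first non-empty source wins and that only `header` accepts a cut-prefix.

```go
package main

import (
	"fmt"
	"net/http"
	"strings"
)

// lookup is one "<source>:<name>[:<cut-prefix>]" entry of a TokenLookup string (hypothetical type).
type lookup struct{ source, name, cutPrefix string }

// parseTokenLookup splits e.g. "header:X-CSRF-Token,query:csrf" into ordered extractors;
// only the header source accepts the optional third ":<cut-prefix>" segment.
func parseTokenLookup(spec string) ([]lookup, error) {
	var out []lookup
	for _, part := range strings.Split(spec, ",") {
		f := strings.Split(part, ":")
		switch {
		case len(f) == 3 && f[0] == "header":
			out = append(out, lookup{f[0], f[1], f[2]})
		case len(f) == 2 && (f[0] == "header" || f[0] == "query" || f[0] == "form"):
			out = append(out, lookup{source: f[0], name: f[1]})
		default:
			return nil, fmt.Errorf("invalid TokenLookup entry %q", part)
		}
	}
	return out, nil
}

// extractToken returns the first non-empty token in listed order; "" means no token
// was submitted, which a CSRF middleware must treat as a failure, never as a pass.
func extractToken(r *http.Request, lookups []lookup) string {
	for _, l := range lookups {
		var v string
		switch l.source {
		case "header":
			v = strings.TrimPrefix(r.Header.Get(l.name), l.cutPrefix)
		case "query":
			v = r.URL.Query().Get(l.name)
		case "form":
			v = r.PostFormValue(l.name) // body form fields only, not the query string
		}
		if v != "" {
			return v
		}
	}
	return ""
}
```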
