filippo.io/csrf

This package provides protection against Cross-Site Request Forgery (CSRF) attacks using modern browser Fetch metadata headers.

It requires no tokens or cookies, and works with all browsers since 2020.

```go
package main

import (
	"fmt"
	"net/http"

	"filippo.io/csrf"
)

func main() {
	mux := http.NewServeMux()
	mux.HandleFunc("/", func(w http.ResponseWriter, r *http.Request) {
		fmt.Fprintf(w, "Hello, world!")
	})

	// Wrap the whole mux so every route is covered by the CSRF check.
	protection := csrf.New()
	handler := protection.Handler(mux)

	http.ListenAndServe(":8080", handler)
}
```

For full API documentation, including bypass mechanisms, see pkg.go.dev.

For more information on this approach, see the standard library proposal.

github.com/gorilla/csrf compatibility

The filippo.io/csrf/gorilla package provides a drop-in replacement for the github.com/gorilla/csrf package. It implements the same API, but uses the modern Fetch metadata headers instead of tokens and cookies.

Read the package documentation for full migration details.

 import ( + csrf "filippo.io/csrf/gorilla" - "github.com/gorilla/csrf" )