Crate actix_csrf_middleware

Structs§

CsrfDoubleSubmitCookie: Cookie flags for tokens when using the Double-Submit Cookie pattern.
CsrfMiddleware: Actix Web middleware providing CSRF protection.
CsrfMiddlewareConfig: Configuration for CsrfMiddleware.
CsrfMiddlewareService
CsrfResponse
CsrfToken: Extractor for the current CSRF token.

CSRF_PRE_SESSION_KEY: Cookie name of pre-session generated by CsrfMiddleware for allowed unauthorized routes that need to mutate data when there’s not authorized user yet. For example in cases such as registration, login or newsletter subscription.
DEFAULT_CSRF_ANON_TOKEN_KEY: Cookie name used to store the anonymous (pre-session) token
DEFAULT_CSRF_TOKEN_FIELD: Csrf token field name in application/x-www-form-urlencoded or application/json body. CsrfMiddleware will try to extract a token from that field.
DEFAULT_CSRF_TOKEN_HEADER
DEFAULT_CSRF_TOKEN_KEY: Cookie name or actix-session key used to store the authorized (session-bound) token
DEFAULT_SESSION_ID_KEY: Key of user session created outside the middleware. It’s cookie name or actix-session key depending on enabled session feature and middleware core will extract value by this key to use this unique session id in HMAC hashes. That’s how CsrfMiddleware can be integrated into existing applications that already have authorization logic.

CsrfRequestExt: Extension trait for Actix HttpRequest to rotate the CSRF token in a response.

eq_tokens: Constant-time equality for token byte slices.
generate_hmac_token_ctx: Generates an HMAC-protected CSRF token bound to a context and identifier.
generate_random_token: Generates a cryptographically secure random CSRF token.
rotate_csrf_token_in_response: Rotates the CSRF token and writes any necessary cookie updates to the response.
validate_hmac_token: Convenience helper to validate an authorized-class CSRF token.
validate_hmac_token_ctx: Verifies an HMAC-protected CSRF token for a given class and identifier.