Crate actix_csrf_middleware

Structs§

CsrfPattern: CsrfPattern allows use to configure CsrfMiddleware to read and store csrf tokens and user sessions in client’s browser cookie or in any persistent storage like Redis, Postgres or in-memory that implements actix_session::storage::SessionStore trait if you have enabled session feature.
CsrfTokenValidator
TokenClass

CSRF_PRE_SESSION_KEY: Cookie name of pre-session generated by CsrfMiddleware for allowed unauthorized routes that need to mutate data when there’s not authorized user yet. For example in cases such as registration, login or newsletter subscription.
DEFAULT_CSRF_ANON_TOKEN_KEY: Cookie name used to store the anonymous (pre-session) token
DEFAULT_CSRF_TOKEN_FIELD: Csrf token field name in application/x-www-form-urlencoded or application/json body. CsrfMiddleware will try to extract a token from that field.
DEFAULT_CSRF_TOKEN_HEADER
DEFAULT_CSRF_TOKEN_KEY: Cookie name or actix-session key used to store the authorized (session-bound) token
DEFAULT_SESSION_ID_KEY: Key of user session created outside the middleware. It’s cookie name or actix-session key depending on enabled session feature and middleware core will extract value by this key to use this unique session id in HMAC hashes. That’s how CsrfMiddleware can be integrated into existing applications that already have authorization logic.

CsrfRequestExt: Extension trait for Actix HttpRequest to rotate CSRF token without passing the config explicitly.