CsrfMiddlewareConfig

actix_csrf_middleware

Struct CsrfMiddlewareConfig 

Source 
pub struct CsrfMiddlewareConfig {
Show 13 fields
    pub pattern: CsrfPattern,
    pub manual_multipart: bool,
    pub session_id_cookie_name: String,
    pub token_cookie_name: String,
    pub anon_token_cookie_name: String,
    pub token_form_field: String,
    pub token_header_name: String,
    pub token_cookie_config: Option<CsrfDoubleSubmitCookie>,
    pub secret_key: Zeroizing<Vec<u8>>,
    pub skip_for: Vec<String>,
    pub enforce_origin: bool,
    pub allowed_origins: Vec<String>,
    pub max_body_bytes: usize,

}
Expand description

Configuration for CsrfMiddleware.

Choose a CSRF defense pattern and adjust behavior such as token locations, cookie names, content-type handling, and origin checks.

§Defaults

§Security

  • When using Double-Submit Cookie, ensure the token cookie is readable by the client (i.e., http_only must be false) so it can be mirrored into the header.
  • Consider enabling strict Origin/Referer enforcement with with_enforce_origin to mitigate CSRF even if a token leaks.
  • Avoid allowing multipart/form-data unless you can handle token extraction manually.

§Examples

Basic Double-Submit Cookie configuration:

use actix_csrf_middleware::{CsrfMiddlewareConfig, CsrfDoubleSubmitCookie};
use actix_web::cookie::SameSite;

let secret = b"at-least-32-bytes-of-secret-key-material...";
let cfg = CsrfMiddlewareConfig::double_submit_cookie(secret)
    .with_enforce_origin(true, vec!["https://example.com".to_string()])
    .with_token_cookie_config(CsrfDoubleSubmitCookie {
        http_only: false, // must be false for Double-Submit
        secure: true,
        same_site: SameSite::Lax,
    });

Fields§

§pattern: CsrfPattern§manual_multipart: bool§session_id_cookie_name: String§token_cookie_name: String

Authorized (session-bound) tokens

§anon_token_cookie_name: String

Anonymous (pre-session) tokens

§token_form_field: String§token_header_name: String§token_cookie_config: Option<CsrfDoubleSubmitCookie>§secret_key: Zeroizing<Vec<u8>>§skip_for: Vec<String>§enforce_origin: bool

Enforce Origin/Referer checks for mutating requests

§allowed_origins: Vec<String>

Allowed origins (scheme://host[:port]) when enforce_origin = true

§max_body_bytes: usize

Maximum allowed body bytes to read when extracting CSRF tokens from body (POST/PUT/PATCH/DELETE)

Implementations§

Source§

impl CsrfMiddlewareConfig

Constructs a configuration for the Double-Submit Cookie pattern.

The CSRF token is placed in a cookie and echoed by clients in a header or form field. The token’s integrity is protected by an HMAC bound to the session id and the token.

§Examples
use actix_csrf_middleware::{CsrfMiddleware, CsrfMiddlewareConfig};
use actix_web::{App};

let secret = b"a-very-long-application-secret-key-of-32+bytes";
let cfg = CsrfMiddlewareConfig::double_submit_cookie(secret);
let app = App::new().wrap(CsrfMiddleware::new(cfg));
Source

pub fn with_multipart(self, multipart: bool) -> Self

Controls whether multipart/form-data requests are allowed to pass through.

When set to true, the middleware does not attempt to extract the CSRF token from a multipart body. Your handler must read and validate the token manually.

Defaults to false for safety.

Source

pub fn with_max_body_bytes(self, limit: usize) -> Self

Sets the maximum number of request body bytes read when searching for a CSRF token in JSON or application/x-www-form-urlencoded bodies.

Defaults to 2 MiB.

Overrides cookie flags for token cookies (Double-Submit Cookie pattern).

For Double-Submit Cookie, http_only must be false so client-side code can read the cookie value and mirror it into a header or form field.

Source

pub fn with_skip_for(self, patches: Vec<String>) -> Self

Skips CSRF validation for requests whose path starts with any of the given prefixes.

Useful for health checks or public webhooks where CSRF is not applicable.

Source

pub fn with_enforce_origin(self, enforce: bool, allowed: Vec<String>) -> Self

Enables strict Origin/Referer checks for mutating requests and sets the allowed origins.

Origins are compared strictly by scheme, host, and port. If allowed is empty and enforce is true, all mutating requests are rejected.

Example enabling enforcement for a single origin:

use actix_csrf_middleware::CsrfMiddlewareConfig;

let cfg = CsrfMiddlewareConfig::double_submit_cookie(b"aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa")
    .with_enforce_origin(true, vec!["https://example.com".to_string()]);

Trait Implementations§

Source§

impl Clone for CsrfMiddlewareConfig

Source§

fn clone(&self) -> CsrfMiddlewareConfig

Returns a duplicate of the value. Read more
1.0.0 · Source§

fn clone_from(&mut self, source: &Self)

Performs copy-assignment from source. Read more

Auto Trait Implementations§

Blanket Implementations§

Source§

impl<T> Any for T
where T: 'static + ?Sized,

Source§

fn type_id(&self) -> TypeId

Gets the TypeId of self. Read more
Source§

impl<T> Borrow<T> for T
where T: ?Sized,

Source§

fn borrow(&self) -> &T

Immutably borrows from an owned value. Read more
Source§

impl<T> BorrowMut<T> for T
where T: ?Sized,

Source§

fn borrow_mut(&mut self) -> &mut T

Mutably borrows from an owned value. Read more
Source§

impl<T> CloneToUninit for T
where T: Clone,

Source§

unsafe fn clone_to_uninit(&self, dest: *mut u8)

🔬This is a nightly-only experimental API. (clone_to_uninit)
Performs copy-assignment from self to dest. Read more
Source§

impl<T> From<T> for T

Source§

fn from(t: T) -> T

Returns the argument unchanged.

Source§

impl<T> Instrument for T

Source§

fn instrument(self, span: Span) -> Instrumented<Self>

Instruments this type with the provided Span, returning an Instrumented wrapper. Read more
Source§

fn in_current_span(self) -> Instrumented<Self>

Instruments this type with the current Span, returning an Instrumented wrapper. Read more
Source§

impl<T, U> Into<U> for T
where U: From<T>,

Source§

fn into(self) -> U

Calls U::from(self).

That is, this conversion is whatever the implementation of From<T> for U chooses to do.

Source§

impl<T> Same for T

Source§

type Output = T

Should always be Self
Source§

impl<T> ToOwned for T
where T: Clone,

Source§

type Owned = T

The resulting type after obtaining ownership.
Source§

fn to_owned(&self) -> T

Creates owned data from borrowed data, usually by cloning. Read more
Source§

fn clone_into(&self, target: &mut T)

Uses borrowed data to replace owned data, usually by cloning. Read more
Source§

impl<T, U> TryFrom<U> for T
where U: Into<T>,

Source§

type Error = Infallible

The type returned in the event of a conversion error.
Source§

fn try_from(value: U) -> Result<T, <T as TryFrom<U>>::Error>

Performs the conversion.
Source§

impl<T, U> TryInto<U> for T
where U: TryFrom<T>,

Source§

type Error = <U as TryFrom<T>>::Error

The type returned in the event of a conversion error.
Source§

fn try_into(self) -> Result<U, <U as TryFrom<T>>::Error>

Performs the conversion.
Source§

impl<V, T> VZip<V> for T
where V: MultiLane<T>,

Source§

fn vzip(self) -> V

Source§

impl<T> WithSubscriber for T

Source§

fn with_subscriber<S>(self, subscriber: S) -> WithDispatch<Self>
where S: Into<Dispatch>,

Attaches the provided Subscriber to this type, returning a WithDispatch wrapper. Read more
Source§

fn with_current_subscriber(self) -> WithDispatch<Self>

Attaches the current default Subscriber to this type, returning a WithDispatch wrapper. Read more
Source§

impl<T> ErasedDestructor for T
where T: 'static,