Structs§
- Csrf
Double Submit Cookie - Cookie flags for tokens when using the Double-Submit Cookie pattern.
- Csrf
Middleware - Actix Web middleware providing CSRF protection.
- Csrf
Middleware Config - Configuration for
CsrfMiddleware. - Csrf
Middleware Service - Csrf
Response - Csrf
Token - Extractor for the current CSRF token.
Enums§
- Csrf
Pattern - CSRF defense patterns supported by
CsrfMiddleware. - Csrf
Token Validator - Token
Class - Classification of CSRF tokens by context.
Constants§
- CSRF_
PRE_ SESSION_ KEY - Name of the pre-session cookie minted by the middleware for unauthenticated flows.
- DEFAULT_
CSRF_ ANON_ TOKEN_ KEY - Default cookie name for anonymous (pre-session) tokens in the Double-Submit Cookie pattern.
- DEFAULT_
CSRF_ TOKEN_ FIELD - Default field name used to extract the CSRF token from request bodies.
- DEFAULT_
CSRF_ TOKEN_ HEADER - Default header name that carries the CSRF token.
- DEFAULT_
CSRF_ TOKEN_ KEY - Default name of the authorized CSRF token bucket.
- DEFAULT_
SESSION_ ID_ KEY - Default name of the session id cookie used to bind tokens and detect authorization state.
Traits§
- Csrf
Request Ext - Extension trait for Actix
HttpRequestto rotate the CSRF token in a response.
Functions§
- eq_
tokens - Constant-time equality for token byte slices.
- generate_
hmac_ token_ ctx - Generates an HMAC-protected CSRF token bound to a context and identifier.
- generate_
random_ token - Generates a cryptographically secure random CSRF token.
- rotate_
csrf_ token_ in_ response - Rotates the CSRF token and writes any necessary cookie updates to the response.
- validate_
hmac_ token - Convenience helper to validate an authorized-class CSRF token.
- validate_
hmac_ token_ ctx - Verifies an HMAC-protected CSRF token for a given class and identifier.