pub struct CsrfMiddleware<Rng> { /* private fields */ }
CSRF middleware to manage CSRF cookies and tokens.
Implementations
impl<Rng: TokenRng + SeedableRng> CsrfMiddleware<Rng>
pub fn new() -> Self
Creates a CSRF middleware with secure defaults. Namely:
- The CSRF cookie will be prefixed with __Host-. This also implies the following:
  - Secure is set.
  - Domain is not set.
  - Path is set to /.
- SameSite is set to Strict.
- HttpOnly is set.
This represents the strictest possible configuration. Requests must always be sent over HTTPS. Users must explicitly relax these restrictions.
impl<Rng: TokenRng> CsrfMiddleware<Rng>
pub fn with_rng(rng: Rng) -> Self
Creates a CSRF middleware with secure defaults and the provided Rng. Namely:
- The CSRF cookie will be prefixed with __Host-. This also implies the following:
  - Secure is set.
  - Domain is not set.
  - Path is set to /.
- SameSite is set to Strict.
- HttpOnly is set.
This represents the strictest possible configuration. Requests must always be sent over HTTPS. Users must explicitly relax these restrictions.
impl<Rng> CsrfMiddleware<Rng>
pub const fn enabled(self, enabled: bool) -> Self
Control whether we check for the token on requests.
Set a method and path to set a CSRF cookie. This should be all locations whose response should set a cookie (via a Set-Cookie header) or those that need the CSRF token value in the response, such as for forms.
Sets the cookie name. Consider using host_prefixed_cookie_name or secure_prefixed_cookie_name to prefix the cookie name with __Host- or __Secure- on your behalf, or prefixing it manually.
Sets the cookie name, with __Host- automatically prefixed.
Examples
This is functionally equivalent to prefixing the cookie name with __Host-:
use actix_csrf::CsrfMiddleware;
use rand::rngs::StdRng;
let host_prefixed = CsrfMiddleware::<StdRng>::new()
    .host_prefixed_cookie_name("my_special_cookie");
let manually_prefixed = CsrfMiddleware::<StdRng>::new()
    .cookie_name("__Host-my_special_cookie");
assert_eq!(host_prefixed.cookie_config(), manually_prefixed.cookie_config());
Sets the cookie name. Consider using host_prefixed_cookie_name or manually prefixing it with __Host- for increased defense-in-depth measures. This is equivalent to calling cookie_name(format!("__Secure-{}", name)).
Examples
This is functionally equivalent to prefixing the cookie name with __Secure-:
use actix_csrf::CsrfMiddleware;
use rand::rngs::StdRng;
let secure_prefixed = CsrfMiddleware::<StdRng>::new()
    .secure_prefixed_cookie_name("my_special_cookie");
let manually_prefixed = CsrfMiddleware::<StdRng>::new()
    .cookie_name("__Secure-my_special_cookie");
assert_eq!(secure_prefixed.cookie_config(), manually_prefixed.cookie_config());
pub const fn same_site(self, same_site: Option<SameSite>) -> Self
Sets the SameSite attribute on the cookie.
pub fn domain<S: Into<String>>(self, domain: impl Into<Option<S>>) -> Self
Sets the domain of the cookie.
This is incompatible with __Host- prefixed cookies. If the cookie is a __Host- prefixed cookie, this function will downgrade the cookie to use the __Secure- prefix instead. This weakens a defense-in-depth measure and is not recommended unless there is an unavoidable need and the security implications have been fully considered.
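The prefix rules behind the secure defaults and behind the domain downgrade, as an added example that is not part of the actix-csrf documentation or code: a std-only check of a Set-Cookie value against the __Host- and __Secure- requirements that browsers enforce. The function name check_prefix_rules and the sample headers are constructed for illustration.

```rust
/// Returns Ok(()) if the cookie satisfies the rules implied by its name
/// prefix, or Err naming the first violated requirement.
/// (Hypothetical helper for illustration; not an actix-csrf API.)
fn check_prefix_rules(set_cookie: &str) -> Result<(), &'static str> {
    let mut parts = set_cookie.split(';').map(str::trim);
    // First segment is "name=value"; only the name matters here.
    let name = parts.next().unwrap_or("").split('=').next().unwrap_or("");

    let (mut secure, mut domain, mut path) = (false, false, None);
    for attr in parts {
        let (key, value) = match attr.split_once('=') {
            Some((k, v)) => (k.trim(), v.trim()),
            None => (attr, ""),
        };
        // Attribute names are case-insensitive.
        match key.to_ascii_lowercase().as_str() {
            "secure" => secure = true,
            "domain" => domain = true,
            "path" => path = Some(value),
            _ => {}
        }
    }

    let lower = name.to_ascii_lowercase();
    if lower.starts_with("__host-") {
        if !secure { return Err("__Host- requires Secure"); }
        if domain { return Err("__Host- forbids Domain"); }
        if path != Some("/") { return Err("__Host- requires Path=/"); }
    } else if lower.starts_with("__secure-") && !secure {
        return Err("__Secure- requires Secure");
    }
    Ok(())
}

fn main() {
    // Constructed sample headers; TOKEN is a placeholder value.
    let samples = [
        "__Host-csrf=TOKEN; Secure; HttpOnly; SameSite=Strict; Path=/",
        "__Host-csrf=TOKEN; Secure; HttpOnly; Path=/; Domain=example.com",
        "__Secure-csrf=TOKEN; Secure; HttpOnly; Path=/; Domain=example.com",
        "__Host-csrf=TOKEN; HttpOnly; Path=/",
    ];
    for s in samples.iter() {
        println!("{:?} <- {}", check_prefix_rules(s), s);
    }
}
```

The second sample shows why a Domain attribute cannot coexist with __Host-, and the third shows the same cookie passing once it carries the __Secure- prefix instead.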
Produces a CSRF cookie config determined from the current middleware state. Note that this is not needed if you are using default cookie names.
Trait Implementations
impl<Rng: Clone> Clone for CsrfMiddleware<Rng>
fn clone(&self) -> CsrfMiddleware<Rng>
fn clone_from(&mut self, source: &Self)
impl<Rng: Debug> Debug for CsrfMiddleware<Rng>
impl<Rng: TokenRng + SeedableRng> Default for CsrfMiddleware<Rng>
impl<Rng: PartialEq> PartialEq for CsrfMiddleware<Rng>
impl<S, Rng> Transform<S, ServiceRequest> for CsrfMiddleware<Rng>
type Response = ServiceResponse
type Transform = CsrfMiddlewareImpl<S, Rng>
type Future = Ready<Result<<CsrfMiddleware<Rng> as Transform<S, ServiceRequest>>::Transform, <CsrfMiddleware<Rng> as Transform<S, ServiceRequest>>::InitError>>
fn new_transform(&self, service: S) -> Self::Future
impl<Rng: Eq> Eq for CsrfMiddleware<Rng>
impl<Rng> StructuralPartialEq for CsrfMiddleware<Rng>
Auto Trait Implementations
impl<Rng> !Freeze for CsrfMiddleware<Rng>
impl<Rng> !RefUnwindSafe for CsrfMiddleware<Rng>
impl<Rng> !Send for CsrfMiddleware<Rng>
impl<Rng> !Sync for CsrfMiddleware<Rng>
impl<Rng> Unpin for CsrfMiddleware<Rng>
where
    Rng: Unpin,
impl<Rng> UnwindSafe for CsrfMiddleware<Rng>
where
    Rng: UnwindSafe,