Struct actix_web::middleware::csrf::CsrfFilter
A middleware that filters cross-site requests.
To construct a CSRF filter:
- Call CsrfFilter::build to start building.
- Add allowed origins.
- Call finish to retrieve the constructed filter.
Example
use actix_web::middleware::csrf;
use actix_web::App;

let app = App::new()
    .middleware(csrf::CsrfFilter::new().allowed_origin("https://www.example.com"));
Methods
impl CsrfFilter
pub fn new() -> CsrfFilter
Start building a CsrfFilter.
pub fn allowed_origin<T: Into<String>>(self, origin: T) -> CsrfFilter
Add an origin that is allowed to make requests. Will be verified against the Origin request header.
pub fn allow_xhr(self) -> CsrfFilter
Allow all requests with an X-Requested-With header.
A cross-site attacker should not be able to send requests with custom headers unless a CORS policy whitelists them. Therefore it should be safe to allow requests with an X-Requested-With header (added automatically by many JavaScript libraries).
This is disabled by default, because in Safari it is possible to circumvent this using redirects and Flash.
Use this method to enable more lax filtering.
pub fn allow_missing_origin(self) -> CsrfFilter
Allow requests if the expected Origin header is missing (and there is no Referer to fall back on).
The filter is conservative by default, but it should be safe to allow missing Origin headers because a cross-site attacker cannot prevent the browser from sending Origin on unprotected requests.
pub fn allow_upgrade(self) -> CsrfFilter
Allow cross-site upgrade requests (for example to open a WebSocket).
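The decision the options above describe, as an added example: a simplified std-only model written for this page, not actix-web's source. `Policy`, `permits`, `header` and `referer_origin` are hypothetical names, and the order in which the options are evaluated is an assumption.

```rust
use std::collections::HashSet;

// Simplified model of the documented options (hypothetical names, not
// actix-web's types). Headers are (lowercase name, value) pairs.
#[derive(Default)]
struct Policy {
    origins: HashSet<String>,
    allow_xhr: bool,
    allow_missing_origin: bool,
    allow_upgrade: bool,
}

fn header<'a>(h: &[(&str, &'a str)], name: &str) -> Option<&'a str> {
    h.iter().find(|(k, _)| *k == name).map(|(_, v)| *v)
}

// Reduce a Referer URL to scheme://host[:port] so it can stand in for Origin.
fn referer_origin(url: &str) -> Option<String> {
    let (scheme, rest) = url.split_once("://")?;
    let host = rest.split(|c: char| c == '/' || c == '?' || c == '#').next()?;
    if host.is_empty() { None } else { Some(format!("{}://{}", scheme, host)) }
}

// True when the request passes the filter in this model.
// Assumption: the opt-in relaxations are evaluated before the origin check.
fn permits(p: &Policy, h: &[(&str, &str)]) -> bool {
    if p.allow_xhr && header(h, "x-requested-with").is_some() {
        return true; // lax mode: a custom header is taken as same-site evidence
    }
    if p.allow_upgrade && header(h, "upgrade").is_some() {
        return true; // cross-site upgrade (e.g. WebSocket) explicitly allowed
    }
    let origin = header(h, "origin")
        .map(str::to_string)
        .or_else(|| header(h, "referer").and_then(referer_origin));
    match origin {
        Some(o) => p.origins.contains(&o), // exact string match, no wildcards
        None => p.allow_missing_origin,    // neither Origin nor Referer present
    }
}

fn main() {
    let mut p = Policy::default();
    p.origins.insert("https://www.example.com".to_string());
    // Constructed sample requests: allowed Origin, foreign Referer, no headers.
    println!("{}", permits(&p, &[("origin", "https://www.example.com")]));
    println!("{}", permits(&p, &[("referer", "https://other.example/page?x=1")]));
    println!("{}", permits(&p, &[]));
}
```

With the defaults only the first sample request passes; each `allow_*` flag widens what is accepted, so enable one only when the deployment needs it.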
Trait Implementations
impl<S> Middleware<S> for CsrfFilter
fn start(&self, req: &HttpRequest<S>) -> Result<Started>
fn response(&self, req: &HttpRequest<S>, resp: HttpResponse) -> Result<Response>
Called when the handler returns a response, but before the HTTP message is sent to the peer.
fn finish(&self, req: &HttpRequest<S>, resp: &HttpResponse) -> Finished
Called after the body stream has been sent to the peer.
impl Default for CsrfFilter
fn default() -> CsrfFilter
Auto Trait Implementations
impl Send for CsrfFilter
impl Sync for CsrfFilter
Blanket Implementations
impl<T, U> Into<U> for T where
U: From<T>,
impl<T> From<T> for T
impl<T, U> TryFrom<U> for T where
U: Into<T>,
type Error = Infallible
The type returned in the event of a conversion error.
fn try_from(value: U) -> Result<T, <T as TryFrom<U>>::Error>
impl<T> Borrow<T> for T where
T: ?Sized,
impl<T> Any for T where
T: 'static + ?Sized,
impl<T> BorrowMut<T> for T where
T: ?Sized,
fn borrow_mut(&mut self) -> &mut T
impl<T, U> TryInto<U> for T where
U: TryFrom<T>,
type Error = <U as TryFrom<T>>::Error
The type returned in the event of a conversion error.