Struct axum_csrf_sync_pattern::CsrfSynchronizerTokenMiddleware

source · 
pub struct CsrfSynchronizerTokenMiddleware<S> { /* private fields */ }
Expand description

This middleware is created by axum by applying the CsrfSynchronizerTokenLayer. It verifies the CSRF token header on incoming requests, regenerates tokens as configured, and attaches the current token to the outgoing response.

In detail, this middleware receives a CSRF token as X-CSRF-TOKEN (if not custom configured with a different name) HTTP request header value and compares it to the token stored in the session.

Upon response from the inner service, the session token is returned to the client via the X-CSRF-TOKEN response header.

Make sure to expose this header in your CORS configuration if necessary!

Requires and uses axum_sessions.

Optionally regenerates the token from the session after successful verification, to ensure a new token is used for each writing (POST, PUT, DELETE) request. Enable with RegenerateToken::PerUse.

For maximum security, but severely reduced ergonomics, optionally regenerates the token from the session after each request, to keep the token validity as short as possible. Enable with RegenerateToken::PerRequest.

Implementations§

Create a new middleware from an inner [tower::Service] (axum-specific bounds, such as Infallible errors apply!) and a CsrfSynchronizerTokenLayer. Commonly, the middleware is created by the [tower::Layer] - and never manually.

Create a new CSRF synchronizer token layer. Equivalent to calling CsrfSynchronizerTokenLayer::new().

Trait Implementations§

Returns a copy of the value. Read more
Performs copy-assignment from source. Read more
Formats the value using the given formatter. Read more
Responses given by the service.
Errors produced by the service.
The future response value.
Returns Poll::Ready(Ok(())) when the service is able to process requests. Read more
Process the request and return the response asynchronously. Read more

Auto Trait Implementations§

Blanket Implementations§

Gets the TypeId of self. Read more
Immutably borrows from an owned value. Read more
Mutably borrows from an owned value. Read more

Returns the argument unchanged.

Instruments this type with the provided Span, returning an Instrumented wrapper. Read more
Instruments this type with the current Span, returning an Instrumented wrapper. Read more

Calls U::from(self).

That is, this conversion is whatever the implementation of From<T> for U chooses to do.

Responses given by the service
Errors produced by the service
The [Service] value created by this factory
Errors produced while building a service.
The future of the [Service] instance.
Returns Poll::Ready when the factory is able to create more services. Read more
Create and return a new service value asynchronously.
Consume this MakeService and convert it into a [Service]. Read more
Convert this MakeService into a [Service] without consuming the original MakeService. Read more
Should always be Self
Yields a mutable reference to the service when it is ready to accept a request.
👎Deprecated since 0.4.6: please use the ServiceExt::ready method instead
Yields a mutable reference to the service when it is ready to accept a request.
Yields the service when it is ready to accept a request.
Consume this Service, calling with the providing request once it is ready.
Process all requests from the given Stream, and produce a Stream of their responses. Read more
Executes a new future after this service’s future resolves. This does not alter the behaviour of the poll_ready method. Read more
Maps this service’s response value to a different value. This does not alter the behaviour of the poll_ready method. Read more
Maps this service’s error value to a different value. This does not alter the behaviour of the poll_ready method. Read more
Maps this service’s result type (Result<Self::Response, Self::Error>) to a different value, regardless of whether the future succeeds or fails. Read more
Composes a function in front of the service. Read more
Composes an asynchronous function after this service. Read more
Composes a function that transforms futures produced by the service. Read more
Convert the service into a Service + Send trait object. Read more
Convert the service into a Service + Clone + Send trait object. Read more
The resulting type after obtaining ownership.
Creates owned data from borrowed data, usually by cloning. Read more
Uses borrowed data to replace owned data, usually by cloning. Read more
The type returned in the event of a conversion error.
Performs the conversion.
The type returned in the event of a conversion error.
Performs the conversion.
Attaches the provided Subscriber to this type, returning a WithDispatch wrapper. Read more
Attaches the current default Subscriber to this type, returning a WithDispatch wrapper. Read more