Struct axum_csrf::CsrfConfig
pub struct CsrfConfig {
pub(crate) lifespan: Duration,
pub(crate) cookie_name: String,
pub(crate) cookie_len: usize,
pub(crate) cookie_domain: Option<Cow<'static, str>>,
pub(crate) cookie_http_only: bool,
pub(crate) cookie_path: Cow<'static, str>,
pub(crate) cookie_same_site: SameSite,
pub(crate) cookie_secure: bool,
pub(crate) key: Option<Key>,
pub(crate) salt: Cow<'static, str>,
pub(crate) prefix_with_host: bool,
}
This is the CSRF configuration. It is used to manage how we set the restricted cookie.
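Fields
lifespan: Duration
CSRF cookie lifespan
cookie_name: String
CSRF cookie name
cookie_len: usize
CSRF token character length
cookie_domain: Option<Cow<'static, str>>
Session cookie domain
cookie_http_only: bool
Session cookie http only flag
cookie_path: Cow<'static, str>
Session cookie path
cookie_same_site: SameSite
Restricts how cookies are sent cross-site. Default is SameSite::None
Only works if domain is also set.
cookie_secure: bool
Session cookie secure flag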
key: Option<Key>
Encryption key used to encrypt cookies for confidentiality, integrity, and authenticity.
salt: Cow<'static, str>
Hashing Salt.
prefix_with_host: bool
This is used to prepend __Host- to all cookie names to prevent subdomain usage. It is disabled by default.
Implementations
impl CsrfConfig
pub fn new() -> Self
Creates the default configuration of CsrfConfig.
This is equivalent to CsrfConfig::default().
Sets the CSRF cookie's domain name.
Examples
use axum_csrf::CsrfConfig;
let config = CsrfConfig::default().with_cookie_domain(Some("www.helpme.com".to_string()));
pub fn with_lifetime(self, time: Duration) -> Self
Sets the CSRF lifetime (expiration time).
Examples
use axum_csrf::CsrfConfig;
use chrono::Duration;
let config = CsrfConfig::default().with_lifetime(Duration::days(32));
Sets the CSRF cookie's name.
Examples
use axum_csrf::CsrfConfig;
let config = CsrfConfig::default().with_cookie_name("my_cookie");
Sets the CSRF cookie's path.
This is used to determine where the cookie takes effect within the website path. Leave as the default ("/") for the cookie to be used site-wide.
Examples
use axum_csrf::CsrfConfig;
let config = CsrfConfig::default().with_cookie_path("/");
Sets the CSRF cookie's SameSite setting for cross-site restrictions.
Only works if the domain is also set, to restrict it to that domain only.
Examples
use axum_csrf::CsrfConfig;
use cookie::SameSite;
let config = CsrfConfig::default().with_cookie_same_site(SameSite::Strict);
pub fn with_http_only(self, is_set: bool) -> Self
Sets the CSRF cookie to HTTP only.
Examples
use axum_csrf::CsrfConfig;
let config = CsrfConfig::default().with_http_only(false);
pub fn with_secure(self, is_set: bool) -> Self
Sets the CSRF cookie's secure flag, which controls whether it is only sent over HTTPS.
Examples
use axum_csrf::CsrfConfig;
let config = CsrfConfig::default().with_secure(true);
Sets the CSRF token length.
Examples
use axum_csrf::CsrfConfig;
let config = CsrfConfig::default().with_cookie_len(16);
pub fn with_key(self, key: Option<Key>) -> Self
Sets the CSRF cookie encryption key, enabling private cookies.
When set, it will enforce private cookies across all sessions. If you use Key::generate(), it will make a new key on each server reboot. To prevent this, make a key and save it to a config file for long-term usage. For extra security, regenerate the key every so many months to a year.
Examples
use axum_csrf::{Key, CsrfConfig};
let config = CsrfConfig::default().with_key(Some(Key::generate()));
pub fn with_salt(self, salt: impl Into<Cow<'static, str>>) -> Self
Sets the CSRF cookie's salt.
This is used to hash the CSRF key for the HTML insertion.
Examples
use axum_csrf::CsrfConfig;
let config = CsrfConfig::default().with_salt("somesalthere");
pub fn with_prefix_with_host(self, enable: bool) -> Self
Sets the CSRF prefix_with_host option.
true: __Host- gets prefixed to the cookie names.
false: __Host- does not get prepended.
__Host- prefix: Cookies with names starting with __Host- must be set with the secure flag, must be from a secure page (HTTPS), must not have a domain specified (and therefore are not sent to subdomains), and the path must be /.
Examples
use axum_csrf::CsrfConfig;
let config = CsrfConfig::default().with_prefix_with_host(true);
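The __Host- rules above interact with the domain, path and secure settings, so a configuration can be checked before it ships. This is an added example, not code from axum_csrf: CookieSettings, Violation, wire_name and host_prefix_violations are hypothetical names that mirror the CsrfConfig fields involved, and the sample values are constructed.

```rust
// Hypothetical mirror of the CsrfConfig fields involved; not an axum_csrf type.
#[derive(Debug, Clone)]
pub struct CookieSettings {
    pub name: String,
    pub domain: Option<String>,
    pub path: String,
    pub secure: bool,
    pub prefix_with_host: bool,
}

#[derive(Debug, PartialEq, Eq)]
pub enum Violation {
    MissingSecure,
    DomainSet,
    PathNotRoot,
}

impl CookieSettings {
    /// Cookie name as sent to the browser once the prefix option is applied.
    pub fn wire_name(&self) -> String {
        if self.prefix_with_host && !self.name.starts_with("__Host-") {
            format!("__Host-{}", self.name)
        } else {
            self.name.clone()
        }
    }

    /// Attribute rules for a `__Host-` cookie. The HTTPS-origin rule depends on
    /// the deployment, not the configuration, so it is not checked here.
    pub fn host_prefix_violations(&self) -> Vec<Violation> {
        let mut found = Vec::new();
        if !self.wire_name().starts_with("__Host-") {
            return found; // no prefix in use, so no prefix rules apply
        }
        if !self.secure { found.push(Violation::MissingSecure); }
        if self.domain.is_some() { found.push(Violation::DomainSet); }
        if self.path != "/" { found.push(Violation::PathNotRoot); }
        found
    }
}

fn main() {
    // Constructed sample: prefix enabled while a domain is still configured.
    let cfg = CookieSettings { name: "csrf".into(), domain: Some("www.helpme.com".into()),
        path: "/".into(), secure: false, prefix_with_host: true };
    println!("{} -> {:?}", cfg.wire_name(), cfg.host_prefix_violations());
}
```

A cookie that breaks any of these rules is rejected by the browser, so a non-empty result means the CSRF cookie would never be stored.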
Trait Implementations
impl Clone for CsrfConfig
fn clone(&self) -> CsrfConfig
fn clone_from(&mut self, source: &Self)