Iron Double Submit Cookie Cross-Site Request Forgery
Iron middleware providing CSRF protection.
Usage Example
extern crate iron_dsc_csrf;
extern crate iron;
use iron_dsc_csrf::Csrf;
use iron::AroundMiddleware;
use iron::prelude::*;
use iron::status;
Overview
iron-dsc-csrf is an Iron middleware that provides protection against Cross-Site
Request Forgery attacks. For more information on CSRF attacks, see OWASP's
and Wikipedia's articles.
This middleware uses an approach called Double Submit Cookie, where a random
token is generated and stored client-side in a cookie. Any time an unsafe HTTP
method (e.g. POST, PUT, etc.) is used, the submission must also include the
token from the cookie. OWASP has a more detailed description.
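The check described in the paragraph above can be sketched with the standard library alone. This is an added example, not iron-dsc-csrf's own code; the cookie name `csrf`, the function names and the sample values are assumptions made for the illustration.

```rust
// Added illustration of the Double Submit Cookie check; not iron-dsc-csrf's code.
// The cookie name "csrf" and all function names are assumptions for this example.

/// Methods that do not change state and therefore skip the token check.
fn is_safe_method(method: &str) -> bool {
    matches!(method, "GET" | "HEAD" | "OPTIONS" | "TRACE")
}

/// Pull one cookie's value out of a raw `Cookie:` request header.
fn cookie_value<'a>(header: &'a str, name: &str) -> Option<&'a str> {
    header.split(';').find_map(|pair| {
        let (k, v) = pair.trim().split_once('=')?;
        if k == name { Some(v) } else { None }
    })
}

/// Compare without returning early at the first differing byte.
fn constant_time_eq(a: &[u8], b: &[u8]) -> bool {
    if a.len() != b.len() {
        return false;
    }
    a.iter().zip(b).fold(0u8, |acc, (x, y)| acc | (x ^ y)) == 0
}

/// Returns true when the request may proceed.
fn csrf_check(method: &str, cookie_header: Option<&str>, submitted: Option<&str>) -> bool {
    if is_safe_method(method) {
        return true;
    }
    // Unsafe method: both copies of the token must be present, non-empty and equal.
    match (cookie_header.and_then(|h| cookie_value(h, "csrf")), submitted) {
        (Some(c), Some(s)) if !c.is_empty() => constant_time_eq(c.as_bytes(), s.as_bytes()),
        _ => false,
    }
}

fn main() {
    // Constructed sample values.
    let cookies = "session=abc123; csrf=Zm9vYmFyYmF6cXV4";
    println!("GET, no token:      {}", csrf_check("GET", Some(cookies), None));
    println!("POST, matching:     {}", csrf_check("POST", Some(cookies), Some("Zm9vYmFyYmF6cXV4")));
    println!("POST, token absent: {}", csrf_check("POST", Some(cookies), None));
    println!("POST, mismatch:     {}", csrf_check("POST", Some(cookies), Some("attacker-guess")));
}
```

A request with an unsafe method is rejected whenever the cookie is missing, empty, or different from the submitted copy, so a present cookie alone never authorizes the request.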