Crate origin_check
A minimal Tower middleware layer for mitigating CSRF attacks. Examines the Origin or Referer header of incoming requests, and compares it to the target Host and URI.

```rust
let (mock_service, _) = tower_test::mock::spawn::<http::Request<()>, ()>();
let csrf_proof_service = origin_check::OriginCheck::new(mock_service);
```
IMPORTANT NOTES:
This crate makes several assumptions that must all be true for it to be a good choice for you:
- Your site is accessed exclusively in “secure contexts”, like over https or on localhost.
- State changes are never performed in response to GET or HEAD requests. Such requests are always allowed by this service, regardless of CSRF indicators.
- All other requests should fail if the hostname and port of the Origin or Referer does not exactly match the Host. This means that you cannot, e.g., send POST requests from one subdomain to another, or from one port to another.
- Your users’ browsers will set the Origin or Referer header on non-GET/-HEAD requests, when those requests are initiated by your site. In order to ensure this, be careful that the Referrer-Policy for your site is not set to no-referrer.
You probably want to set SameSite=Strict or SameSite=Lax on any authentication cookies, as additional protection against CSRF.
You likely also want to set X-Frame-Options: DENY for your site by default, to prevent clickjacking, which is a distinct but related problem to CSRF.
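The comparison rule from the notes above, as an added illustration in plain std Rust: this is not the origin_check crate's own code and does not use the tower or http types; header values are passed in as strings and the Verdict enum is my own.

```rust
// Added illustration of the rule described above, written in plain std Rust.
// NOT the origin_check crate's implementation; header values arrive as &str.

#[derive(Debug, PartialEq)]
pub enum Verdict {
    /// GET and HEAD are always allowed: the crate assumes they never change state.
    SafeMethod,
    /// The authority (host[:port]) of Origin or Referer matched the Host header.
    Allowed,
    /// A state-changing request arrived with neither a usable Origin nor a Referer.
    MissingOrigin,
    /// Authority differs from Host, including a subdomain or port difference.
    Mismatch,
}

/// Extract "host[:port]" from a header value of the form scheme://authority[/path...].
/// Returns None for values that carry no authority (e.g. the literal "null").
fn authority(url: &str) -> Option<&str> {
    let rest = url.split_once("://")?.1;
    let end = rest
        .find(|c| matches!(c, '/' | '?' | '#'))
        .unwrap_or(rest.len());
    let auth = &rest[..end];
    if auth.is_empty() { None } else { Some(auth) }
}

/// Apply the check: safe methods pass, otherwise Origin (preferred) or Referer
/// must name exactly the same host and port as the Host header.
/// Default ports are not normalised here, matching the "exactly match" rule.
pub fn check(method: &str, host: &str, origin: Option<&str>, referer: Option<&str>) -> Verdict {
    if method.eq_ignore_ascii_case("GET") || method.eq_ignore_ascii_case("HEAD") {
        return Verdict::SafeMethod;
    }
    // Browsers omit Origin on some same-origin requests, so fall back to Referer;
    // an opaque "null" Origin has no authority and is treated as absent.
    let source = origin.filter(|o| *o != "null").or(referer);
    match source.and_then(authority) {
        None => Verdict::MissingOrigin,
        Some(auth) if auth.eq_ignore_ascii_case(host) => Verdict::Allowed,
        Some(_) => Verdict::Mismatch,
    }
}

fn main() {
    // Constructed sample requests against a site served as app.example.
    println!("{:?}", check("POST", "app.example", Some("https://app.example"), None));
    println!("{:?}", check("POST", "app.example", Some("https://other.example"), None));
}
```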
Features
tower-layer: optional, enabled by default. Adds an impl for tower_layer::Layer.
Structs
- Tower middleware service that verifies that a request’s origin matches the target host on non-GET, non-HEAD requests.
- A dummy layer type, allowing use of the OriginCheck as a tower_layer::Layer.
Enums
- Error returned when the origin is not allowed.
- Future type produced by the OriginCheck Service.