pub struct CsrfFilter { /* private fields */ }Expand description
CSRF protection filter that validates request origins against a trusted allowlist.
Safe methods (GET, HEAD, OPTIONS by default) bypass
the check. State-changing methods require a matching
Origin or Referer header.
State-changing methods require an Origin or Referer
header matching the trusted origins. Rejected requests
receive 403 Forbidden.
A bare wildcard ("*") cannot be mixed with other origins.
§YAML configuration
filter: csrf
trusted_origins:
- "https://app.example.com"
- "https://*.example.com"
enforce_percentage: 100
enable_sec_fetch_site: true§Example
ⓘ
use praxis_filter::CsrfFilter;
let yaml: serde_yaml::Value = serde_yaml::from_str(
r#"
trusted_origins:
- "https://example.com"
"#,
)
.unwrap();
let filter = CsrfFilter::from_config(&yaml).unwrap();
assert_eq!(filter.name(), "csrf");Implementations§
Source§impl CsrfFilter
impl CsrfFilter
Sourcepub fn from_config(config: &Value) -> Result<Box<dyn HttpFilter>, FilterError>
pub fn from_config(config: &Value) -> Result<Box<dyn HttpFilter>, FilterError>
Create a CSRF filter from parsed YAML config.
§Errors
Returns FilterError on invalid configuration:
empty trusted origins, enforce_percentage > 100, or
invalid origin patterns.
§Example
ⓘ
use praxis_filter::CsrfFilter;
let yaml: serde_yaml::Value = serde_yaml::from_str(
r#"
trusted_origins: ["https://example.com"]
"#,
)
.unwrap();
let filter = CsrfFilter::from_config(&yaml).unwrap();
assert_eq!(filter.name(), "csrf");Trait Implementations§
Source§impl HttpFilter for CsrfFilter
impl HttpFilter for CsrfFilter
Source§fn name(&self) -> &'static str
fn name(&self) -> &'static str
Unique name identifying this filter type (e.g.
"router", "rate_limit").Source§fn apply_insecure_options(&self, options: &InsecureOptions)
fn apply_insecure_options(&self, options: &InsecureOptions)
Apply global
InsecureOptions to this filter. Read moreSource§fn on_request<'life0, 'life1, 'life2, 'async_trait>(
&'life0 self,
ctx: &'life1 mut HttpFilterContext<'life2>,
) -> Pin<Box<dyn Future<Output = Result<FilterAction, FilterError>> + Send + 'async_trait>>where
Self: 'async_trait,
'life0: 'async_trait,
'life1: 'async_trait,
'life2: 'async_trait,
fn on_request<'life0, 'life1, 'life2, 'async_trait>(
&'life0 self,
ctx: &'life1 mut HttpFilterContext<'life2>,
) -> Pin<Box<dyn Future<Output = Result<FilterAction, FilterError>> + Send + 'async_trait>>where
Self: 'async_trait,
'life0: 'async_trait,
'life1: 'async_trait,
'life2: 'async_trait,
Called for each incoming request, in pipeline order.
Source§fn on_response<'life0, 'life1, 'life2, 'async_trait>(
&'life0 self,
ctx: &'life1 mut HttpFilterContext<'life2>,
) -> Pin<Box<dyn Future<Output = Result<FilterAction, FilterError>> + Send + 'async_trait>>where
Self: 'async_trait,
'life0: 'async_trait,
'life1: 'async_trait,
'life2: 'async_trait,
fn on_response<'life0, 'life1, 'life2, 'async_trait>(
&'life0 self,
ctx: &'life1 mut HttpFilterContext<'life2>,
) -> Pin<Box<dyn Future<Output = Result<FilterAction, FilterError>> + Send + 'async_trait>>where
Self: 'async_trait,
'life0: 'async_trait,
'life1: 'async_trait,
'life2: 'async_trait,
Called for each response, in reverse pipeline order. Read more
Source§fn request_body_access(&self) -> BodyAccess
fn request_body_access(&self) -> BodyAccess
Declares what access this filter needs to request bodies. Read more
Source§fn response_body_access(&self) -> BodyAccess
fn response_body_access(&self) -> BodyAccess
Declares what access this filter needs to response bodies. Read more
Source§fn request_body_mode(&self) -> BodyMode
fn request_body_mode(&self) -> BodyMode
Declares the delivery mode for request body chunks. Read more
Source§fn response_body_mode(&self) -> BodyMode
fn response_body_mode(&self) -> BodyMode
Declares the delivery mode for response body chunks. Read more
Source§fn needs_request_context(&self) -> bool
fn needs_request_context(&self) -> bool
Whether this filter needs the original request context
during body phases. Read more
Source§fn compression_config(&self) -> Option<&CompressionConfig>
fn compression_config(&self) -> Option<&CompressionConfig>
Returns the compression configuration if this filter enables
response compression. Read more
Source§fn on_request_body<'life0, 'life1, 'life2, 'life3, 'async_trait>(
&'life0 self,
ctx: &'life1 mut HttpFilterContext<'life2>,
body: &'life3 mut Option<Bytes>,
end_of_stream: bool,
) -> Pin<Box<dyn Future<Output = Result<FilterAction, FilterError>> + Send + 'async_trait>>where
Self: 'async_trait,
'life0: 'async_trait,
'life1: 'async_trait,
'life2: 'async_trait,
'life3: 'async_trait,
fn on_request_body<'life0, 'life1, 'life2, 'life3, 'async_trait>(
&'life0 self,
ctx: &'life1 mut HttpFilterContext<'life2>,
body: &'life3 mut Option<Bytes>,
end_of_stream: bool,
) -> Pin<Box<dyn Future<Output = Result<FilterAction, FilterError>> + Send + 'async_trait>>where
Self: 'async_trait,
'life0: 'async_trait,
'life1: 'async_trait,
'life2: 'async_trait,
'life3: 'async_trait,
Called for each chunk of request body data, in pipeline order. Read more
Source§fn on_response_body(
&self,
ctx: &mut HttpFilterContext<'_>,
body: &mut Option<Bytes>,
end_of_stream: bool,
) -> Result<FilterAction, FilterError>
fn on_response_body( &self, ctx: &mut HttpFilterContext<'_>, body: &mut Option<Bytes>, end_of_stream: bool, ) -> Result<FilterAction, FilterError>
Called for each chunk of response body data, in reverse
pipeline order. Read more
Auto Trait Implementations§
impl !Freeze for CsrfFilter
impl RefUnwindSafe for CsrfFilter
impl Send for CsrfFilter
impl Sync for CsrfFilter
impl Unpin for CsrfFilter
impl UnsafeUnpin for CsrfFilter
impl UnwindSafe for CsrfFilter
Blanket Implementations§
Source§impl<'a, T, E> AsTaggedExplicit<'a, E> for Twhere
T: 'a,
impl<'a, T, E> AsTaggedExplicit<'a, E> for Twhere
T: 'a,
Source§impl<'a, T, E> AsTaggedImplicit<'a, E> for Twhere
T: 'a,
impl<'a, T, E> AsTaggedImplicit<'a, E> for Twhere
T: 'a,
Source§impl<T> BorrowMut<T> for Twhere
T: ?Sized,
impl<T> BorrowMut<T> for Twhere
T: ?Sized,
Source§fn borrow_mut(&mut self) -> &mut T
fn borrow_mut(&mut self) -> &mut T
Mutably borrows from an owned value. Read more